Last modified by Agnease on 2026/05/25 12:52

From version 1.1
edited by Agnease
on 2026/05/12 13:05
Change comment: There is no comment for this version
To version 8.9
edited by Agnease
on 2026/05/25 12:52
Change comment: There is no comment for this version


Page properties
Title
... ... @@ -1,1 +1,1 @@
1 -xwiki-authentication-access-control
1 +XWiki Authentication and Access Control
Content
... ... @@ -1,0 +1,316 @@
1 +{{velocity}}
2 +#set ($discard = $xwiki.ssx.use('PublicWebSite.WebHome'))
3 +{{html clean="false"}}
4 + ## PAGE HEADER
5 + <section class="hero hero-centered service-hero" aria-labelledby="hero-title">
6 + <div class="container hero-inner">
7 + <div class="hero-kicker">
8 + <i class="fa fa-lock" aria-hidden="true"></i>
9 + XWiki authentication and access control
10 + </div>
11 + <h1 id="hero-title">Secure XWiki access, authentication and permissions</h1>
12 + <p class="lead">
13 + Secure XWiki access with LDAP, Active Directory, SSO, OIDC, SAML, MFA, user synchronization,
14 + group management and maintainable permission policies.
15 + </p>
16 + <div class="hero-actions">
17 + <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Discuss access control needs</a>
18 + <a class="btn btn-secondary" href="#access-control-process">See the approach</a>
19 + </div>
20 + </div>
21 + </section>
22 + ## WHY ACCESS CONTROL CARDS
23 + #set ($accessControlItems = [{
24 + 'title': 'Connect users securely',
25 + 'icon': 'sign-in',
26 + 'content': 'Integrate XWiki with your identity provider so users can access the platform with familiar credentials.',
27 + 'items': [
28 + 'LDAP and Active Directory',
29 + 'OIDC, SAML and SSO',
30 + 'MFA and authentication extensions'
31 + ]
32 + },{
33 + 'title': 'Manage groups clearly',
34 + 'icon': 'users',
35 + 'content': 'Keep user and group synchronization understandable, scalable and aligned with the way permissions are used.',
36 + 'items': [
37 + 'User synchronization',
38 + 'Group mapping and filtering',
39 + 'Large directory considerations'
40 + ]
41 + },{
42 + 'title': 'Control access safely',
43 + 'icon': 'key',
44 + 'content': 'Review and structure rights so spaces, pages and applications can be maintained without accidental exposure.',
45 + 'items': [
46 + 'Wiki and page permissions',
47 + 'Admin and script rights awareness',
48 + 'Rights model cleanup'
49 + ]
50 + }])
51 +
52 + <section aria-labelledby="why-access-title">
53 + <div class="container">
54 + <h2 id="why-access-title">Access control is central to a reliable XWiki platform</h2>
55 + <p class="section-intro">
56 + XWiki often contains internal knowledge, procedures, project information, customer data, controlled documents
57 + and business workflows. Authentication and permissions need to be configured carefully so users can access
58 + what they need without exposing sensitive information or making administration too complex.
59 + </p>
60 + <div class="pathways">
61 + #foreach ($entry in $accessControlItems)
62 + <article class="pathway-card">
63 + <div class="card-heading">
64 + <div class="pathway-icon">
65 + <i class="fa fa-$entry.icon" aria-hidden="true"></i>
66 + </div>
67 + <h3>$entry.title</h3>
68 + </div>
69 + <p>$entry.content</p>
70 + <ul>
71 + #foreach ($item in $entry.items)
72 + <li>$item</li>
73 + #end
74 + </ul>
75 + </article>
76 + #end
77 + </div>
78 + </div>
79 + </section>
80 +
81 + ## COMMON NEEDS
82 + #set ($accessNeedsItems = [{
83 + 'title': 'LDAP and Active Directory integration',
84 + 'icon': 'address-book',
85 + 'content': 'Configuration, troubleshooting and optimization of LDAP/AD authentication, user creation and group synchronization.'
86 + },{
87 + 'title': 'SSO, OIDC and SAML',
88 + 'icon': 'sign-in',
89 + 'content': 'Integration with identity providers, single sign-on flows and authentication extensions used in enterprise environments.'
90 + },{
91 + 'title': 'Multi-factor authentication',
92 + 'icon': 'shield',
93 + 'content': 'MFA setup, licensing, configuration, troubleshooting and review of authentication-related user experience.'
94 + },{
95 + 'title': 'User and group synchronization',
96 + 'icon': 'users',
97 + 'content': 'Review of synchronization strategy, group mapping, large-directory behavior and performance implications.'
98 + },{
99 + 'title': 'Rights model review',
100 + 'icon': 'key',
101 + 'content': 'Review and cleanup of space, page, group and application permissions to reduce confusion and access risks.'
102 + },{
103 + 'title': 'Access-related troubleshooting',
104 + 'icon': 'warning',
105 + 'content': 'Investigation of login failures, missing users, group sync issues, unexpected permissions or denied access.'
106 + }])
107 +
108 + <section class="services" aria-labelledby="access-needs-title">
109 + <div class="container">
110 + <h2 id="access-needs-title">Common authentication and access control needs</h2>
111 + <p class="section-intro">
112 + Authentication and permissions often become more complex as XWiki grows. The right setup depends on your
113 + identity provider, group structure, security expectations, user volume and internal administration model.
114 + </p>
115 + <div class="services-grid">
116 + #foreach ($entry in $accessNeedsItems)
117 + <article class="service">
118 + <div class="service-icon" aria-hidden="true">
119 + <i class="fa fa-$entry.icon"></i>
120 + </div>
121 + <div class="service-body">
122 + <h4>$entry.title</h4>
123 + <p>$entry.content</p>
124 + </div>
125 + </article>
126 + #end
127 + </div>
128 + </div>
129 + </section>
130 +
131 + ## ACCESS CONTROL PROCESS
132 + #set ($accessProcessItems = [{
133 + 'title': 'Review the current access setup',
134 + 'content': 'Authentication method, user directory, groups, synchronization behavior, rights configuration and known issues.'
135 + },{
136 + 'title': 'Clarify the target model',
137 + 'content': 'Expected login flow, user provisioning, group mapping, administration model and permission boundaries.'
138 + },{
139 + 'title': 'Validate configuration safely',
140 + 'content': 'Test authentication, synchronization and rights behavior before applying changes to production when needed.'
141 + },{
142 + 'title': 'Apply controlled changes',
143 + 'content': 'Update configuration, extensions, rights or group mappings with attention to rollback and administrator access.'
144 + },{
145 + 'title': 'Document the result',
146 + 'content': 'Provide practical notes about the final configuration, assumptions, risks and future maintenance actions.'
147 + }])
148 +
149 + <section id="access-control-process" class="split-section" aria-labelledby="process-title">
150 + <div class="container">
151 + <div class="split-grid">
152 + <div class="split-copy">
153 + <h2 id="process-title">A practical access control approach</h2>
154 + <p>
155 + Authentication and permissions should be handled with care because small configuration mistakes can affect
156 + access to the entire platform. The goal is to understand the current setup, clarify the expected access
157 + model and apply changes in a controlled way.
158 + </p>
159 + <p>
160 + When possible, authentication and rights changes should first be validated in a staging or temporary clone
161 + of the instance, especially when directory synchronization, group mappings, SSO or custom rights logic are involved.
162 + </p>
163 + </div>
164 + <ol class="process-list">
165 + #foreach ($entry in $accessProcessItems)
166 + <li>
167 + <strong>$entry.title</strong>
168 + $entry.content
169 + </li>
170 + #end
171 + </ol>
172 + </div>
173 + </div>
174 + </section>
175 +
176 + ## SPECIFIC AREAS
177 + #set ($accessAreasItems = [{
178 + 'title': 'Directory configuration',
179 + 'icon': 'server',
180 + 'content': 'LDAP/AD connection settings, bind users, search bases, user filters, group filters and synchronization behavior.'
181 + },{
182 + 'title': 'Group mapping',
183 + 'icon': 'random',
184 + 'content': 'Mapping external groups into XWiki groups while avoiding unnecessary complexity and performance issues.'
185 + },{
186 + 'title': 'Permission structure',
187 + 'icon': 'lock',
188 + 'content': 'Space and page rights, inheritance, administrative access, edit rights, view rights and application permissions.'
189 + },{
190 + 'title': 'Security-sensitive rights',
191 + 'icon': 'user-secret',
192 + 'content': 'Review of powerful rights such as admin, programming, script and edit rights where they affect security.'
193 + }])
194 +
195 + <section aria-labelledby="areas-title">
196 + <div class="container">
197 + <h2 id="areas-title">Specific areas we can review</h2>
198 + <p class="section-intro">
199 + Access control in XWiki is not limited to the login page. It includes the full chain from identity provider
200 + to user synchronization, group membership, page permissions and application-level rules.
201 + </p>
202 + <div class="widgets">
203 + #foreach ($entry in $accessAreasItems)
204 + <article class="widget">
205 + <div class="icon" aria-hidden="true">
206 + <i class="fa fa-$entry.icon"></i>
207 + <h4>$entry.title</h4>
208 + </div>
209 + <p>$entry.content</p>
210 + </article>
211 + #end
212 + </div>
213 + </div>
214 + </section>
215 +
216 + ## IMPORTANT CONSIDERATIONS
217 + #set ($accessConsiderationItems = [{
218 + 'title': 'Large directory performance',
219 + 'icon': 'tachometer',
220 + 'content': 'Large numbers of users and groups can create synchronization, login-time or permission-management challenges.'
221 + },{
222 + 'title': 'Visibility of groups and users',
223 + 'icon': 'eye',
224 + 'content': 'Group display, permission screens and administration workflows should remain usable even with many directory groups.'
225 + },{
226 + 'title': 'User provisioning strategy',
227 + 'icon': 'user-plus',
228 + 'content': 'Decide when users are created, how profiles are updated and how synchronization behaves after first login.'
229 + },{
230 + 'title': 'Administrator access safety',
231 + 'icon': 'unlock-alt',
232 + 'content': 'Authentication changes should preserve reliable administrator access and avoid accidental lockouts.'
233 + },{
234 + 'title': 'Upgrade compatibility',
235 + 'icon': 'refresh',
236 + 'content': 'Authentication extensions, configuration keys and security behavior should be reviewed during XWiki upgrades.'
237 + },{
238 + 'title': 'Documentation and handover',
239 + 'icon': 'file-text-o',
240 + 'content': 'Access rules, configuration decisions and operational assumptions should be documented for future maintenance.'
241 + }])
242 +
243 + <section class="services" aria-labelledby="considerations-title">
244 + <div class="container">
245 + <h2 id="considerations-title">Important considerations</h2>
246 + <p class="section-intro">
247 + Authentication and access control should be designed for both security and usability. A setup that is too
248 + permissive creates risk, while a setup that is too complex becomes hard to operate and troubleshoot.
249 + </p>
250 + <div class="services-grid">
251 + #foreach ($entry in $accessConsiderationItems)
252 + <article class="service">
253 + <div class="service-icon" aria-hidden="true">
254 + <i class="fa fa-$entry.icon"></i>
255 + </div>
256 + <div class="service-body">
257 + <h4>$entry.title</h4>
258 + <p>$entry.content</p>
259 + </div>
260 + </article>
261 + #end
262 + </div>
263 + </div>
264 + </section>
265 +
266 + ## RELATED SERVICES
267 + #set ($relatedServiceItems = [{
268 + 'title': 'XWiki Support & Maintenance',
269 + 'url': 'services.xwiki-maintenance-support',
270 + 'content': 'Ongoing support for production environments, including troubleshooting, maintenance planning and operational review.',
271 + 'linkLabel': 'View support services'
272 + },{
273 + 'title': 'XWiki Security Review',
274 + 'url': 'services.xwiki-security-review',
275 + 'content': 'Security-aware review of versions, extensions, rights, scripting, authentication and upgrade exposure.',
276 + 'linkLabel': 'View security review'
277 + }])
278 +
279 + <section class="resource-strip" aria-labelledby="related-title">
280 + <div class="container">
281 + <h2 id="related-title">Related XWiki services</h2>
282 +
283 + <p class="section-intro">
284 + Authentication and access control often connect with maintenance, upgrades and security review.
285 + </p>
286 +
287 + <div class="resource-grid">
288 + #foreach ($entry in $relatedServiceItems)
289 + <article class="resource-card">
290 + <h4>$entry.title</h4>
291 + <p>$entry.content</p>
292 + <a href="$xwiki.getURL($entry.url)">$entry.linkLabel</a>
293 + </article>
294 + #end
295 + </div>
296 + </div>
297 + </section>
298 +
299 + ## CTA
300 + <section class="cta-section" aria-labelledby="cta-title">
301 + <div class="container">
302 + <div class="cta-panel">
303 + <h2 id="cta-title">Need help with XWiki authentication or permissions?</h2>
304 +
305 + <p>
306 + Send a short description of your authentication setup, identity provider, current XWiki version,
307 + user/group volume and the access control issue or improvement you want to address.
308 + </p>
309 +
310 + <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Discuss access control needs</a>
311 + </div>
312 + </div>
313 + </section>
314 +
315 +{{/html}}
316 +{{/velocity}}
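Review bot: The `#foreach` loops print `$entry.title`, `$entry.content`, `$item` and `$entry.linkLabel` straight into markup inside `{{html clean="false"}}`, so nothing escapes or cleans these values before they reach the browser. Today they are literals defined in the same page, but new line 268 (`'XWiki Support & Maintenance'`) already emits a raw `&`, and the same pattern becomes an injection point if these maps are ever filled from objects, request parameters or translations. I would escape every text output, e.g. `<h4>$escapetool.xml($entry.title)</h4>` (likewise for content, list items and link labels), and keep `clean="false"` only if the HTML cleaner demonstrably breaks the layout. Separately, in the "Specific areas" loop (new lines 205-208) the `<h4>$entry.title</h4>` sits inside `<div class="icon" aria-hidden="true">`, which hides the heading from assistive technology; it should move outside that div.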
Agnease.Code.SEODetailsClass[0]
metaDescription
... ... @@ -1,0 +1,1 @@
1 +XWiki authentication and access control services for SSO, LDAP, OIDC, SAML, MFA, user groups, permissions and secure enterprise access management.
metaTitle
... ... @@ -1,0 +1,1 @@
1 +XWiki Authentication and Access Control Services | Agnease