Last modified by Agnease on 2026/05/25 12:52

From version 8.9
edited by Agnease
on 2026/05/25 12:52
Change comment: There is no comment for this version
To version 1.1
edited by Agnease
on 2026/05/12 13:05
Change comment: There is no comment for this version

Summary

Details

Page properties
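--- a/Title
+++ b/Title
@@ -1,1 +1,1 @@
-XWiki Authentication and Access Control
+xwiki-authentication-access-control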
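--- a/Content
+++ b/Content
@@ -1,316 +1,0 @@
-{{velocity}}
-#set ($discard = $xwiki.ssx.use('PublicWebSite.WebHome'))
-{{html clean="false"}}
- ## PAGE HEADER
- <section class="hero hero-centered service-hero" aria-labelledby="hero-title">
- <div class="container hero-inner">
- <div class="hero-kicker">
- <i class="fa fa-lock" aria-hidden="true"></i>
- XWiki authentication and access control
- </div>
- <h1 id="hero-title">Secure XWiki access, authentication and permissions</h1>
- <p class="lead">
- Secure XWiki access with LDAP, Active Directory, SSO, OIDC, SAML, MFA, user synchronization,
- group management and maintainable permission policies.
- </p>
- <div class="hero-actions">
- <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Discuss access control needs</a>
- <a class="btn btn-secondary" href="#access-control-process">See the approach</a>
- </div>
- </div>
- </section>
- ## WHY ACCESS CONTROL CARDS
- #set ($accessControlItems = [{
- 'title': 'Connect users securely',
- 'icon': 'sign-in',
- 'content': 'Integrate XWiki with your identity provider so users can access the platform with familiar credentials.',
- 'items': [
- 'LDAP and Active Directory',
- 'OIDC, SAML and SSO',
- 'MFA and authentication extensions'
- ]
- },{
- 'title': 'Manage groups clearly',
- 'icon': 'users',
- 'content': 'Keep user and group synchronization understandable, scalable and aligned with the way permissions are used.',
- 'items': [
- 'User synchronization',
- 'Group mapping and filtering',
- 'Large directory considerations'
- ]
- },{
- 'title': 'Control access safely',
- 'icon': 'key',
- 'content': 'Review and structure rights so spaces, pages and applications can be maintained without accidental exposure.',
- 'items': [
- 'Wiki and page permissions',
- 'Admin and script rights awareness',
- 'Rights model cleanup'
- ]
- }])
-
- <section aria-labelledby="why-access-title">
- <div class="container">
- <h2 id="why-access-title">Access control is central to a reliable XWiki platform</h2>
- <p class="section-intro">
- XWiki often contains internal knowledge, procedures, project information, customer data, controlled documents
- and business workflows. Authentication and permissions need to be configured carefully so users can access
- what they need without exposing sensitive information or making administration too complex.
- </p>
- <div class="pathways">
- #foreach ($entry in $accessControlItems)
- <article class="pathway-card">
- <div class="card-heading">
- <div class="pathway-icon">
- <i class="fa fa-$entry.icon" aria-hidden="true"></i>
- </div>
- <h3>$entry.title</h3>
- </div>
- <p>$entry.content</p>
- <ul>
- #foreach ($item in $entry.items)
- <li>$item</li>
- #end
- </ul>
- </article>
- #end
- </div>
- </div>
- </section>
-
- ## COMMON NEEDS
- #set ($accessNeedsItems = [{
- 'title': 'LDAP and Active Directory integration',
- 'icon': 'address-book',
- 'content': 'Configuration, troubleshooting and optimization of LDAP/AD authentication, user creation and group synchronization.'
- },{
- 'title': 'SSO, OIDC and SAML',
- 'icon': 'sign-in',
- 'content': 'Integration with identity providers, single sign-on flows and authentication extensions used in enterprise environments.'
- },{
- 'title': 'Multi-factor authentication',
- 'icon': 'shield',
- 'content': 'MFA setup, licensing, configuration, troubleshooting and review of authentication-related user experience.'
- },{
- 'title': 'User and group synchronization',
- 'icon': 'users',
- 'content': 'Review of synchronization strategy, group mapping, large-directory behavior and performance implications.'
- },{
- 'title': 'Rights model review',
- 'icon': 'key',
- 'content': 'Review and cleanup of space, page, group and application permissions to reduce confusion and access risks.'
- },{
- 'title': 'Access-related troubleshooting',
- 'icon': 'warning',
- 'content': 'Investigation of login failures, missing users, group sync issues, unexpected permissions or denied access.'
- }])
-
- <section class="services" aria-labelledby="access-needs-title">
- <div class="container">
- <h2 id="access-needs-title">Common authentication and access control needs</h2>
- <p class="section-intro">
- Authentication and permissions often become more complex as XWiki grows. The right setup depends on your
- identity provider, group structure, security expectations, user volume and internal administration model.
- </p>
- <div class="services-grid">
- #foreach ($entry in $accessNeedsItems)
- <article class="service">
- <div class="service-icon" aria-hidden="true">
- <i class="fa fa-$entry.icon"></i>
- </div>
- <div class="service-body">
- <h4>$entry.title</h4>
- <p>$entry.content</p>
- </div>
- </article>
- #end
- </div>
- </div>
- </section>
-
- ## ACCESS CONTROL PROCESS
- #set ($accessProcessItems = [{
- 'title': 'Review the current access setup',
- 'content': 'Authentication method, user directory, groups, synchronization behavior, rights configuration and known issues.'
- },{
- 'title': 'Clarify the target model',
- 'content': 'Expected login flow, user provisioning, group mapping, administration model and permission boundaries.'
- },{
- 'title': 'Validate configuration safely',
- 'content': 'Test authentication, synchronization and rights behavior before applying changes to production when needed.'
- },{
- 'title': 'Apply controlled changes',
- 'content': 'Update configuration, extensions, rights or group mappings with attention to rollback and administrator access.'
- },{
- 'title': 'Document the result',
- 'content': 'Provide practical notes about the final configuration, assumptions, risks and future maintenance actions.'
- }])
-
- <section id="access-control-process" class="split-section" aria-labelledby="process-title">
- <div class="container">
- <div class="split-grid">
- <div class="split-copy">
- <h2 id="process-title">A practical access control approach</h2>
- <p>
- Authentication and permissions should be handled with care because small configuration mistakes can affect
- access to the entire platform. The goal is to understand the current setup, clarify the expected access
- model and apply changes in a controlled way.
- </p>
- <p>
- When possible, authentication and rights changes should first be validated in a staging or temporary clone
- of the instance, especially when directory synchronization, group mappings, SSO or custom rights logic are involved.
- </p>
- </div>
- <ol class="process-list">
- #foreach ($entry in $accessProcessItems)
- <li>
- <strong>$entry.title</strong>
- $entry.content
- </li>
- #end
- </ol>
- </div>
- </div>
- </section>
-
- ## SPECIFIC AREAS
- #set ($accessAreasItems = [{
- 'title': 'Directory configuration',
- 'icon': 'server',
- 'content': 'LDAP/AD connection settings, bind users, search bases, user filters, group filters and synchronization behavior.'
- },{
- 'title': 'Group mapping',
- 'icon': 'random',
- 'content': 'Mapping external groups into XWiki groups while avoiding unnecessary complexity and performance issues.'
- },{
- 'title': 'Permission structure',
- 'icon': 'lock',
- 'content': 'Space and page rights, inheritance, administrative access, edit rights, view rights and application permissions.'
- },{
- 'title': 'Security-sensitive rights',
- 'icon': 'user-secret',
- 'content': 'Review of powerful rights such as admin, programming, script and edit rights where they affect security.'
- }])
-
- <section aria-labelledby="areas-title">
- <div class="container">
- <h2 id="areas-title">Specific areas we can review</h2>
- <p class="section-intro">
- Access control in XWiki is not limited to the login page. It includes the full chain from identity provider
- to user synchronization, group membership, page permissions and application-level rules.
- </p>
- <div class="widgets">
- #foreach ($entry in $accessAreasItems)
- <article class="widget">
- <div class="icon" aria-hidden="true">
- <i class="fa fa-$entry.icon"></i>
- <h4>$entry.title</h4>
- </div>
- <p>$entry.content</p>
- </article>
- #end
- </div>
- </div>
- </section>
-
- ## IMPORTANT CONSIDERATIONS
- #set ($accessConsiderationItems = [{
- 'title': 'Large directory performance',
- 'icon': 'tachometer',
- 'content': 'Large numbers of users and groups can create synchronization, login-time or permission-management challenges.'
- },{
- 'title': 'Visibility of groups and users',
- 'icon': 'eye',
- 'content': 'Group display, permission screens and administration workflows should remain usable even with many directory groups.'
- },{
- 'title': 'User provisioning strategy',
- 'icon': 'user-plus',
- 'content': 'Decide when users are created, how profiles are updated and how synchronization behaves after first login.'
- },{
- 'title': 'Administrator access safety',
- 'icon': 'unlock-alt',
- 'content': 'Authentication changes should preserve reliable administrator access and avoid accidental lockouts.'
- },{
- 'title': 'Upgrade compatibility',
- 'icon': 'refresh',
- 'content': 'Authentication extensions, configuration keys and security behavior should be reviewed during XWiki upgrades.'
- },{
- 'title': 'Documentation and handover',
- 'icon': 'file-text-o',
- 'content': 'Access rules, configuration decisions and operational assumptions should be documented for future maintenance.'
- }])
-
- <section class="services" aria-labelledby="considerations-title">
- <div class="container">
- <h2 id="considerations-title">Important considerations</h2>
- <p class="section-intro">
- Authentication and access control should be designed for both security and usability. A setup that is too
- permissive creates risk, while a setup that is too complex becomes hard to operate and troubleshoot.
- </p>
- <div class="services-grid">
- #foreach ($entry in $accessConsiderationItems)
- <article class="service">
- <div class="service-icon" aria-hidden="true">
- <i class="fa fa-$entry.icon"></i>
- </div>
- <div class="service-body">
- <h4>$entry.title</h4>
- <p>$entry.content</p>
- </div>
- </article>
- #end
- </div>
- </div>
- </section>
-
- ## RELATED SERVICES
- #set ($relatedServiceItems = [{
- 'title': 'XWiki Support & Maintenance',
- 'url': 'services.xwiki-maintenance-support',
- 'content': 'Ongoing support for production environments, including troubleshooting, maintenance planning and operational review.',
- 'linkLabel': 'View support services'
- },{
- 'title': 'XWiki Security Review',
- 'url': 'services.xwiki-security-review',
- 'content': 'Security-aware review of versions, extensions, rights, scripting, authentication and upgrade exposure.',
- 'linkLabel': 'View security review'
- }])
-
- <section class="resource-strip" aria-labelledby="related-title">
- <div class="container">
- <h2 id="related-title">Related XWiki services</h2>
-
- <p class="section-intro">
- Authentication and access control often connect with maintenance, upgrades and security review.
- </p>
-
- <div class="resource-grid">
- #foreach ($entry in $relatedServiceItems)
- <article class="resource-card">
- <h4>$entry.title</h4>
- <p>$entry.content</p>
- <a href="$xwiki.getURL($entry.url)">$entry.linkLabel</a>
- </article>
- #end
- </div>
- </div>
- </section>
-
- ## CTA
- <section class="cta-section" aria-labelledby="cta-title">
- <div class="container">
- <div class="cta-panel">
- <h2 id="cta-title">Need help with XWiki authentication or permissions?</h2>
-
- <p>
- Send a short description of your authentication setup, identity provider, current XWiki version,
- user/group volume and the access control issue or improvement you want to address.
- </p>
-
- <a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Discuss access control needs</a>
- </div>
- </div>
- </section>
-
-{{/html}}
-{{/velocity}}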
Agnease.Code.SEODetailsClass[0]
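--- a/Agnease.Code.SEODetailsClass[0]/metaDescription
+++ b/Agnease.Code.SEODetailsClass[0]/metaDescription
@@ -1,1 +1,0 @@
-XWiki authentication and access control services for SSO, LDAP, OIDC, SAML, MFA, user groups, permissions and secure enterprise access management.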
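--- a/Agnease.Code.SEODetailsClass[0]/metaTitle
+++ b/Agnease.Code.SEODetailsClass[0]/metaTitle
@@ -1,1 +1,0 @@
-XWiki Authentication and Access Control Services | Agnease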