XWiki Active Directory Application - connect XWiki to your organization directory

06 Sep 2019 5 min read
Written by Oana Elena Florea, Customer Support Manager

Article updated on June 28, 2021.

What is Active Directory (AD)?

Active Directory is a directory service implementation developed by Microsoft that provides a hierarchical structure for storing information. Additional functionalities include authentication, user and group management and a framework to deploy related services (Lightweight Directory Services, Certificate Services, Federation Services, and Rights Management). For example, the directory service Active Directory Domain Services (commonly known as AD DS or AD) stores information about user accounts from your organization (names, passwords, phone numbers, etc) and enables other authorized users on the same network to access this information.
The Active Directory service supports the LDAP1 and the Kerberos as protocols2 which act like guidelines to send and receive information.3

Key benefits for using Active Directory:

  • Hierarchical structure to store information regarding your organization.
  • Allows Single-SignOn (SSO) and works well on an intranet environment and over VPN
  • The ability to access and modify AD DS from multiple points of administration
  • A single point of access to network resources.
  • Ability to communicate with external networks running previous versions of Active Directory including Unix.

How can you connect XWiki to Active Directory?

The XWiki team has built an Active Directory application that allows you to easily connect your Active Directory server to XWiki using a visual editor. The UI provides a one-click verification for the connection to the Active Directory server.


How can you connect the users and groups from Active Directory to XWiki?

User and group management is one of the most used features of the Active Directory application allowing XWiki to be integrated with users and groups from your existing AD organization directory. For example:

  • Active Directory users will be able to authenticate in the wiki and a dedicated XWiki user will be created automatically at the first login.
  • Dedicated feature to import users instantly from Active Directory to XWiki
  • User synchronization: update different user properties (e.g. first name, last name, email, etc)  including the photo.
  • The Active Directory groups can be mapped to XWiki groups which will store as members the users belonging to an Active Directory group.
  • The user profile and groups will be synchronized on every authentication of a user.


Import users instantly from Active Directory to XWiki

Highly requested by our users, the Active Directory application includes a new feature to import users to XWiki from Active Directory without waiting for them to login first. The feature is available in several user management key locations (users or groups administration, group pages, etc).


The import has several advanced options available from the wiki administration section: 

  • The possibility to list of the LDAP user fields to be available for custom search.
  • Allow search by field.
  • Profile updates in case any OpenID Connect Authenticator is installed.
  • Specify who is able to import users from LDAP.


What are the key benefits of using the Active Directory Pro application?

  • Reuse the information from an existing Active Directory server.
  • Provides a visual editor inside the wiki Administration section to ease configuration.
  • Access advanced configuration options to set up the default Active Directory UID attribute name used to login in XWiki, restrictions for specific groups, etc.
  • It allows you to make changes without restarting the application server.
  • Instant access to new features and bug fixes upon update.
  • Technical Support for any question or issue you might encounter when using the application.

General FAQ

What are the supported authenticators for XWiki?

The wiki supports different authenticators including standard LDAP, Active Directory or Google login. More information is available on the documentation page and in our extensive article.

Can the wiki be connected to multiple authentication mechanisms at the same time?

The XWiki platform supports only one authentication mechanism to be enabled at one time.

Is LDAP the same as Active Directory?

While LDAP is a protocol compatible with many different directory services and access management solutions, Active Directory is one of the directory servers that uses the LDAP protocol. For further details regarding Active Directory, from definition to practice and more, check out the presentation Learn about the Active Directory Application or how to fix the most common LDAP issues.

How can I get the Active Directory Pro application?

  • As a standalone extension from the store. To try it out, search for Active Directory application in your wiki's Extension Manager, then install the app and get the trial.

  • You can request a free license if you are a Silver+ Support customer (XWiki On Premise or XWiki Cloud)

  • It is included with the XWiki Pro package, a full set of supported apps that will extend the standard platform to improve productivity.


1 LDAP is an open computer network authentication protocol supported by many different directory services and access management solutions.
2 Kerberos is a computer network authentication protocol for websites and Single-Sign-On implementations across platforms. It uses strong cryptography and third-party ticket authorization.
3 Source: https://www.varonis.com/blog/the-difference-between-active-directory-and-ldap

You may also be interested in: