Multi-Factor Authentication (MFA) is a critical security feature in modern applications. Wello supports MFA for both the account holder and all authorized users when logging in to the portal. This multi-factor verification process protects your Wello account by requiring a second login step, ensuring your account remains secure even if your password is compromised.
The core purpose of MFA is to require multiple, distinct proofs of identity from an individual before granting access to Wello. The goal is to prevent unauthorized account access, mitigate the risk of stolen or weak credentials, and safeguard all sensitive information and critical system access within the Wello portal.
Multi-Factor Authentication (MFA) Configuration
MFA can be enabled and managed by the account holder or an administrator of an organization. Once enabled at the admin level, individual users can then proceed to configure MFA for their respective accounts. The administrator has the ability to configure the available Multi-Factor Authentication options for all users and to enforce the use of MFA across the organization.
These admin-level MFA settings are managed within the portal settings. Navigate to Portal Settings, then select Manage Your Team, and finally the General Settings tab.
In the General Settings tab, the admin will find the MFA settings with the following configuration options:
MFA Policy
The MFA policy defines the organizational requirement for using Multi-Factor Authentication, offering three options:
Disable: This option completely disables MFA for all users within the organization.
Optional: MFA is optional for users. When set to optional, administrators can also configure reminders to encourage users to set up MFA.
Enforced: MFA is mandatory. When the enforced option is selected, users must complete the MFA setup process immediately after their next successful login to the portal.
MFA Method Configuration
Admins can also select the specific MFA method that will be used across the organization. There are three options for this:
User Selects: This option allows individual users to choose which method they want to use for verification (Email Verification or Authenticator App).
Email: All users within the organization must use email-based MFA.
Authenticator App: All users within the organization must use a TOTP (Time-based One-Time Password) authenticator app (such as Google Authenticator, Microsoft Authenticator, etc.).
Note: When the MFA Policy is set to Enforced, the User Selects option is disabled. This is to ensure consistency and mandatory adherence to a single, chosen method across all users.
MFA Reminder Frequency
This setting controls how often users are prompted to set up their MFA. The available reminder options are:
None: No reminders will be shown to users.
Logins: Users will be prompted every X number of successful logins (where X is a configurable number).
Days: Users will be prompted every X number of days (where X is a configurable number).
Note: When MFA is either Disabled or Enforced by an admin, the reminder frequency setting is automatically locked to "None", as reminders are not applicable in those scenarios.
Once MFA is enabled and configured at the admin level, all individual users can proceed to set up MFA for their personal accounts.
User-Level MFA Configuration
Once Multi-Factor Authentication has been enabled by your organization, users within that organization can begin the process to configure MFA for their individual accounts.
Users can enable or disable MFA from their Security Settings panel. Depending on the reminder policy set by your organization, users may receive periodic prompts to enable MFA. Additionally, users are prompted to configure MFA upon their first login. If MFA is not enforced, users will have the option to skip the setup and complete it later.
To configure your MFA settings, follow these steps:
Click your user profile icon in the top-right corner of the Wello portal.
Select Security from the dropdown menu.
The User Security Panel allows logged-in users to manage key security settings for their Wello account. Available actions include:
Changing the account password.
Configuring Multi-Factor Authentication (MFA).
Viewing MFA-related details.
Disabling MFA.
Generating a new recovery key.
Note: All actions within the User Security Panel require password verification to ensure account integrity. No changes can be made without first confirming the user's current password.
Set up Two-Step Verification (MFA)
In the security panel, users will find the option to configure MFA for their account:
Click on “Manage two step verifications” to initiate the setup process. This will open the MFA setup page.
Enter your password and click the setup button to begin the process.
Select a preferred MFA method: Email verification or Authenticator App. This step will be skipped if the Admin has pre-selected a mandatory MFA method for your organization.
Follow the on-screen instructions to complete the method-specific configuration you selected.
Receive a Recovery Key for emergency access, which is the final step.
Authenticator App Setup
When a user chooses the authenticator app method, a dedicated configuration page will display:
A QR code is displayed for scanning with a mobile authenticator app (e.g., Google Authenticator). If scanning is not possible, manual setup is supported by clicking on “can’t scan the QR code”. This displays the necessary details: Account name, Secret key, and TOTP type.
After completing the setup within the authenticator app, enter the 6-digit code generated by the app and click the connect phone button.
Upon successful verification of the code, the Recovery Key screen is shown.
The recovery key is a crucial fallback mechanism used to access your account when your primary MFA method (authenticator app or email) is unavailable.
The Recovery Key screen includes:
An explanation of when and how to use the key.
The unique recovery key itself.
Options to: Copy to clipboard, Print, or Confirm you have written it down.
Choose one of the options and click the “saved let’s finish” button to finalize the MFA configuration.
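How the 6-digit code relates to the Secret key shown during manual setup, as an added example that is not Wello's own code: it assumes the standard RFC 6238 defaults (HMAC-SHA1, 30-second time step), which this page does not state. The function names, the one-step drift window, the replay check and the sample secret are all constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample secret: Base32 of the RFC 6238 test key "12345678901234567890".
SAMPLE_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(secret_b32: str) -> bytes:
    """Decode a Base32 secret as typed by hand (spaces, lowercase, no padding)."""
    cleaned = secret_b32.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def totp(secret_b32: str, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code for Unix time `at` (HMAC-SHA1 and 30 s step are assumed defaults)."""
    counter = int(at) // step
    mac = hmac.new(decode_secret(secret_b32), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, at, window=1, step=30, last_counter=-1):
    """Return the matched time-step counter, or None if the code is rejected.

    window: clock drift tolerated, in time steps on each side of `at`.
    last_counter: highest counter already accepted; reusing a code fails.
    """
    if not (submitted.isascii() and submitted.isdigit() and len(submitted) == 6):
        return None
    current = int(at) // step
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        expected = totp(secret_b32, counter * step, step)
        # Constant-time comparison, and no early exit from the loop.
        if hmac.compare_digest(expected, submitted) and counter > last_counter:
            matched = counter
    return matched
```

Anyone who holds the Secret key can compute every future code, so the key and the QR code that encodes it need the same care as the recovery key.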
Email-Based Setup
When a user chooses the email verification method, a configuration page will display:
The system displays your registered email address. Click “Mail me the code” to receive a one-time verification code via email.
Enter the 6-digit code sent to your email and click the connect email button.
Upon successful verification, the Recovery Key screen is shown.
The Recovery Key screen includes:
An explanation of when and how to use the key.
The unique recovery key itself.
Options to: Copy to clipboard, Print, or Confirm you have written it down.
Choose one of the options and click the “saved let’s finish” button to finalize the MFA configuration.
Managing MFA
Disable Two-Step Verification
If you choose to disable two-step verification, your account will no longer be protected with the required second login step.
Log in to your Wello account. Go to User Profile, then select Security from the drop-down menu.
In the security panel, click on “Manage two step verifications”.
Enter your Wello account password to verify your identity and click continue. This will then display the MFA configuration page.
Click on the disable button located at the bottom of the page and click okay to finalize the action.
After you disable two-step verification, you will no longer log in using an authentication app or email code, just your password. You can re-enable two-step verification at any time.
Note: If your organization has enforced MFA for all users, you will be required to set it up again and use two-step verification the next time you log in.
Generate New Recovery Key
If you have lost your emergency recovery key or are concerned that someone else might have access to it, you can create a new one. This action can only be performed when you are logged in to the portal. When you create a new emergency recovery key, it immediately replaces and invalidates the old one.
To create a new emergency recovery key:
Log in to your Wello account. Go to User Profile, then select Security from the drop-down menu.
In the security panel, click on “Manage two step verifications”.
Enter your Wello account password to verify your identity and click continue. This will then display the MFA configuration page.
Click on the Create Key button on the page, then follow the instructions on your screen to finalize the process.
Make sure to copy, print, or securely write down your new emergency recovery key.
MFA During Login
Once you have enabled two-step verification, you will need your authentication app or email to log in every time:
Go to login.wello.solutions, enter your email and password as you would normally and click log in.
If MFA is enabled, the system will prompt for a 6-digit code.
Retrieve the 6-digit verification code from your authentication app or email.
Enter the verification code, then select continue.
Recover Your Account
If you are unable to access your authentication app or email to log in with a verification code, you can use the emergency recovery key you created during the setup process to access your Wello account.
Use your emergency recovery key instead of a verification code:
Go to login.wello.solutions, enter your email and password as you would normally and click log in.
When asked for a verification code, select “can’t use phone?” (for Authenticator App method) or “can’t use email?” (for Email method) instead.
Clicking these options opens the Recovery Key login screen.
Enter your emergency recovery key, then select Log in.
Note: Users can switch back to their primary method via the links: “Use your phone” or “Use your email” on the Recovery Key login screen.
