Multi-Factor Authentication (MFA) is a critical security feature in modern applications. Wello supports MFA for both the account holder and all authorized users when logging in to the portal. This multi-factor verification process protects your Wello account by requiring a second login step, ensuring your account remains secure even if your password is compromised.
The core purpose of the MFA is to require multiple, distinct proofs of identity from an individual before granting access to Wello. The goal is to prevent unauthorized account access, mitigate the risk of stolen or weak credentials and to safeguard all sensitive information and critical system access within the Wello portal.
Multi-Factor Authentication (MFA) Configuration
MFA can be enabled and managed by the account holder or an administrator of an organization. Once enabled at the admin level, individual users can then proceed to configure MFA for their respective accounts. The administrator has the ability to configure the available Multi-Factor Authentication options for all users and to enforce the use of MFA across the organization.
These admin-level MFA settings are managed within the portal settings. Navigate to Portal Settings in the top right corner, then select Manage Your Team, and finally the General Settings tab.
In the General Settings tab, the admin will find the MFA settings with the following configuration options:
MFA Policy
The MFA policy defines the organizational requirement for using Multi-Factor Authentication, offering three options:
Disable: This option completely disables MFA for all users within the organization.
Optional: MFA is optional for users. When set to optional, administrators can also configure reminders to encourage users to set up MFA.
Enforced: MFA is mandatory. When the enforced option is selected administrators can define a grace period, which is the number of days users are allowed to skip MFA setup before it becomes required.
MFA Method Configuration
Admins can also select the specific MFA method that will be used across the organization. There are three options for this:
User Selects: This option allows individual users to choose which method they want to use for verification (Email Verification or Authenticator App).
Email: All users within the organization are restricted to and must use email-based MFA.
Authenticator App: All users within the organization are restricted to and must use a TOTP (Time-based One-Time Password)-based authenticator app (such as Google Authenticator, Microsoft Authenticator, etc.).
Note: When the MFA Policy is set to Enforced, the User Selects option is disabled. This is to ensure consistency and mandatory adherence to a single, chosen method across all users.
MFA Reminder Frequency
This setting controls how often users are prompted to set up their MFA. The available reminder options are:
None: No reminders will be shown to users.
Days: Users will be prompted every X number of days (where X is the Reminder Interval number set).
Note: When MFA is either Disabled or Enforced by an admin, the reminder frequency setting is automatically locked to "None", as reminders are not applicable in those scenarios.
Once MFA is enabled and configured at the admin level, all individual users can proceed to set up MFA for their personal accounts.
Grace Period (Enforced MFA)
The grace period allows administrators to define the number of days users can skip the MFA setup requirement before it becomes mandatory.
The administrator can enter a specific number of days in the grace period field. This period begins on the day MFA is enabled in Enforced mode.
For example, if the administrator sets the grace period to 14 days, users will have 14 days from the activation date to complete their MFA setup. During this period, users can continue accessing the portal and will be able to skip the MFA setup popup.
Once the 14-day grace period expires, MFA setup becomes mandatory. On their next login, all users who have not yet completed MFA will be required to set it up before they can continue using the portal.
User-Level MFA Configuration
Once Multi-Factor Authentication has been enabled by your organization, users within that organization can begin the process to configure MFA for their individual accounts.
Users can enable or disable MFA from their Security Settings panel. Depending on the reminder policy set by your organization, users may receive periodic prompts to enable MFA. Additionally, users are prompted to configure MFA upon their first login. If MFA is not enforced, users will have the option to skip the setup and complete it later.
To configure your MFA settings, follow these steps:
Click your user profile icon in the top-right corner of the Wello portal.
Select Security from the dropdown menu.
The User Security Panel allows logged-in users to manage key security settings for their Wello account. Available actions include:
Changing the account password.
Configuring Multi-Factor Authentication (MFA).
Viewing MFA-related details.
Disabling MFA.
Generating a new recovery key.
Note: All actions within the User Security Panel require password verification to ensure account integrity. No changes can be made without first confirming the user's current password.
Set up Two-Step Verification (MFA)
In the security panel, users will find the option to configure MFA for their account:
Click on “Manage two step verifications” to initiate the setup process. This will open the MFA setup page.
Enter your password and click the setup button to begin the process.
Select a preferred MFA method: Email verification or Authenticator App. This step will be skipped if the Admin has pre-selected a mandatory MFA method for your organization.
Complete the method-specific( Email or authenticator app) configuration you selected. Check setup below
Receive a Recovery Key for emergency access, which is the final step.
Authenticator App Setup
When a user chooses the authenticator app verification method, a dedicated configuration page will display:
A QR code is displayed for scanning with a mobile authenticator app (e.g., Google Authenticator). If scanning is not possible, manual setup is supported by clicking on "can’t scan the QR code”. This displays the necessary setup key (Account name, Secret key, and TOTP type) to enter on the app.
Within the authenticator app, enters the 6-digit code generated by the app and clicks the connect phone button. In some cases once you enter the correct code, the system will proceed automatically without pressing the connect phone button.
Upon successful verification of the code, the Recovery Key screen is shown.
The recovery key is a crucial fallback mechanism used to access your account when your primary MFA method (authenticator app or email) is unavailable.
The Recovery Key screen includes:
An explanation of when and how to use the key.
The unique recovery key itself.
Options to: Copy to clipboard, Print, or Confirm You have written it down.
Choose one of the options and click the saved let’s finish button to finalize the MFA configuration.
Once “saved let’s finish” is clicked, MFA will be successfully enabled on the account.
Email-Based Setup
When a user chooses the email verification method, a configuration page will display:
The system displays your registered email address. Click “Mail me the code” to receive a one-time verification code via email.
Enters the 6-digit code sent to their email and clicks the connect email button.
Upon successful verification, the Recovery Key screen is shown.
The Recovery Key screen includes:
An explanation of when and how to use the key.
The unique recovery key itself.
Options to: Copy to clipboard, Print, or Confirm You have written it down.
Choose one of the options and click the “saved let’s finish” button to finalize the MFA configuration.
Once “saved let’s finish” is clicked, MFA will be successfully enabled on the account.
Managing MFA
Disable Two-Step Verification
If you choose to disable two-step verification, your account will no longer be protected with the required second login step.
Log in to your Wello account. Go to User Profile, then select Security from the drop-down menu.
In the security panel, click on “Manage two step verifications”.
Enter your Wello account password to verify your identity and click continue. This will then display the MFA configuration page.
Click on the disable button located below the page. Users will get a confirmation pop-up (Disabling two-step verification will remove the second login step that helps secure your account. Do you want to continue?)
Click okay to finalize the action and MFA will be disabled.
After you disable two-step verification, you will no longer log in using an authentication app or email code, just your password. You can re-enable two-step verification at any time.
Note: If your organization has enforced MFA for all users, you will be required to set it up again and use two-step verification when next you log in.
Generate New Recovery Key
If you have lost your emergency recovery key or are concerned that someone else might have access to it, you can create a new one. This action can only be performed when you are logged in to the portal. When you create a new emergency recovery key, it immediately replaces and invalidates the old one.
To create a new emergency recovery key:
Log in to your Wello account. Go to User Profile, then select Security from the drop-down menu.
In the security panel, click on “Manage two step verifications”.
Enter your Wello account password to verify your identity and click continue. This will then display the MFA configuration page.
Click on the Create Key button on the page. A confirmation page will be shown informing you that Once you create a new key, your existing Emergency Recovery Key will expire.
Click the Create Key option to confirm. The Recovery Key screen is shown.
The Recovery Key screen includes:
An explanation of when and how to use the key.
The unique recovery key itself.
Options to: Copy to clipboard, Print, or Confirm You have written it down.
Choose one of the options and click the “Okay, saved” button to finalize.
Make sure to copy, print, or securely write down your new emergency recovery key.
MFA During Login
Once you have enabled two-step verification, you will need your authentication app or email to log in every time:
Go to login.wello.solutions, enter your email and password as you would normally and click log in.
If MFA is enabled, the system will prompt for a 6-digit code.
Retrieve the 6-digit verification code from your authentication app or email.
Enter the verification code, then select Continue, or once the code is verified, you will be logged in automatically.
Recover Your Account
If you are unable to access your authentication app or email to log in with a verification code, you can use the emergency recovery key you created during the setup process to access your Wello account.
Use your emergency recovery key instead of a verification code:
Go to login.wello.solutions, enter your email and password as you would normally and click log in.
When asked for a verification code, select “can’t use phone?” (for Authenticator App method) or “can’t use email?” (for Email method) instead. Clicking these options opens the Recovery Key login screen.
Enter your emergency recovery key, then select Continue.
Note: Users can switch back to their primary method via the links: “Use your phone” or “Use your email” on the Recovery Key login screen.
Multi-Factor Authentication (MFA) on the Field Service App
Unlike the Wello Portal, the Field Service App does not support MFA setup methods such as email verification or authenticator apps. Users will not be prompted to configure MFA within the mobile application. The Field Service App uses its own built-in security method that relies on password and a unique code set up for each user.
Recovery Key Loss and No Access to MFA Methods
In cases where a user forgets their recovery key or loses access to it, and also no longer has access to their registered email or authenticator app, they will be unable to complete the Multi-Factor Authentication (MFA) verification process on their own.
Since all standard recovery options are unavailable in this situation, the user will need to contact Wello Support for assistance. This ensures that account security is maintained while still providing a controlled way to regain access when all MFA recovery methods have been lost.