Good afternoon, I hope you're doing well today. In our latest public release there is a Disable button for the 2FA functionality when impersonating the user account, so you could use this to turn off 2FA for the user so that they can get set up on their new device: 

So, you will need to impersonate to see the option, but once inside the user's account you can quickly turn it off from there. I hope this helps! :-)

That's odd.. I have the latest release available on the website installed (Enterprise Build 7957) but this is what I see when I impersonate someone with 2FA enabled:

Is there another build available I'm not seeing?

For what's it's written there, you should note impersonate the user but you've to login as that user.

That is very interesting. I checked on a couple of different servers running various versions including our current public branch and was able to find this option present in each account while impersonating. What browser are you impersonating from?

Hi Kyle,

I've tried in Chrome x64 (95.0.4638.69) and Firefox x64 (94.0.1)

Can you check the domain setting for the accounts you were testing and see if Two-Step Authentication is set to "Forced"? I'll think that might be why I'm not seeing an option to disable it but you are.

To be clear, I don't really want to disable 2FA; just have some way to reset it for a specific user so they can go through the re-enrollment setup again. Either via the nice enrollment wizard you see when the user first logs in or via some administrative method would be perfectly fine.

That makes sense, good find! You're very welcome!

Awesome.