If two-factor authentication is enabled, and an AD user gets locked out of their account or needs to enable a new device, an admin can reset their two-factor authentication. Once two-factor authentication is enabled for your AD user, you can disable or reset it at any time by following the steps below.
1. You will need to log into Web Administration in order to do this.
2. Once you have logged into the Web Admin tool go to the AD Users Page, from there you will see "User Custom Settings"
3. Select the user from the drop-down menu and press "Disable 2FA"
Two-factor authentication will now be disabled for the user.
If 2FA is required for this user ongoing, the user will need to set up two-factor authentication again for their account the next time they log in.