If FileVault is enabled, this may cause problems as by default the automatic logon feature is enabled.

Disable the automatic logon feature:


You can disable this feature by using the following command in Terminal:


sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES

 

Once the user reboots, they will be prompted for standard username and password to decrypt the drive.  Once decrypted, they will then be presented with the 2fa screen to log on to their home profile.