To enable a user account with two-factor authentication, the administrator has to carry out two steps:

1. Configure a realm and set TOTP authentication as its secondary authentication 
2. Associate the end-user to the realm 

Create a Realm

Create a Sign-in Policy