An incomplete 2FA set-up on Opal can potentially lock out users.
Opal Version: 4.6.3.
Today I tried enabling the 2FA on an admin account, but logged out and logged back in before completing the 2FA registration on my phone. Opal will, regardless, assume the 2FA to have been registered (because the QR code was shown).
It would be desirable to have 2FA progress reset, unless the user has “confirmed” their device by entering a 6-digit code before exitting the settings page.