Before you turn on two-factor authentication, you must make sure that your system clock is accurate. This is because 2FA codes change every minute and you must enter the one that's valid. We strongly recommend that you check both the current time and your Network Time Protocol (NTP) setup before turning on this feature for any of your users, see: Set the time for Smoothwall On-Premise Appliance
Two factor authentication is a method of confirming users' claimed identities by using a combination of two different factors.
Once you turn on 2FA for a user, the next time the user logs in, they will be prompted to enroll. However, they can continue logging in without setting this up.
To enroll, the user needs an authentication app on their smartphone that can scan QR codes, for example, Google Authenticator or Authy. They need to log on and in the warning message at the top of the page, click the Enroll for Two Factor Authentication link, scan the QR code on the page with their app, and then enter the six-digit code to confirm their enrollment.
Once the user has enrolled, when they return to the sign-in page they see an extra Two Factor Authentication Token box so that they can enter their six-digit code from their authentication app and log in.
You can see if a user has enrolled for 2FA on the Administrative users page, within the Current users table in the Enrolled into Two Factor column.