Now 2FA is enabled for our site we have found that when we create new user accounts the users cannot access the 'restricted' areas of iSAMS because 2FA has not been positively enabled for their account. The default is that it is not enabled. This means that for each new user you have to edit the account after it has been created to enable 2FA. This should be an option when creating the account or a default preferences option.