In many cases, PBX authentication is active next to OAuth2, e.g. for admin accounts. To secure this, it's a great idea to activate 2-factor authentication. But unfortunately, this will also activate 2FA for OAuth2. This is very nasty because mostly OAuth2 makes its own 2-factor authentication. So users have a 3FA—very secure.

An extra option is needed to say that 2FA is only wanted for PBX authentications or that OAuth2 is excluded from this.

Niels