As far as I can tell, since about a year ago, it can only be enabled as a secondary 2FA/2SV method.
You must first enable a primary method, which is limited to these undesirables:
- SMS/voice verification
- Google Prompt (on a phone - but maybe Android-in-a-VM can work as well?)
- Physical Security Key
Does anyone know of a way to enable TOTP directly?
https://www.reddit.com/r/gsuite/comment ... ification/
https://discussions.agilebits.com/discu ... tor-option