Problem

There should be an easily accessible way to identify which users have two-factor authentication (2FA) enabled/disabled

Why This Is Important

2FA is a standard feature. The customer needs this for auditing purposes.

Workaround

To find the table name specific to your Jira instance, please execute the query below. (Note that these queries are written with PostgreSQL; if you're using a different database, please modify the query accordingly.)

SELECT * FROM INFORMATION_SCHEMA.TABLES where table_name like 'AO_%_TOTP_USER_ENROLLMENT' ;

After identifying the complete table name AO_??????_TOTP_USER_ENROLLMENT, you can retrieve the USER_KEY for users who have set up 2FA. This USER_KEY (for example, JIRAUSER10000 below) can be used to obtain user information using a query similar to the following:

SELECT 
    au.user_key,
    cu.user_name,
    cu.display_name,
    cu.email_address
FROM 
    app_user au
JOIN 
    cwd_user cu ON au.lower_user_name = cu.lower_user_name
WHERE 
    au.user_key = 'JIRAUSER10000';