I might be missing something, but it doesn't make sense to me that the administrator would need to set up the 2FA (i.e. Google Authenticator) for users, and then figure out how to securely transfer the 2FA token to the users. I don't know any other service that works this way.
Is there some way to just require 2FA for all users, and then have them be prompted to set it up for themselves on first log-in?
Customer support service by UserEcho