How to set up two factor with Authenticator OTP

On mobile device

It is required that Google Authenticator, Microsoft Authenticator or Authy app is installed on your mobile device.

OTP Connection settings

Order of factors: set value to Authenticator. You can also add more methods (Sms or Email - separated by comma) to let OTP fallback to them if error happens with the Authenticator method.
OTP1
Max input attempts: set values base on your security requirement.
Encrypt secret code: whether secret code in database (which is used for communicating between Identify and the time-base one time password provider e.g. Google Authenticator, Microsoft Authenticator...) is encrypted.

Notice that the OTP connection's name is used to identify this connection in authenticator apps. Thus, you should give it a name that is short yet unique and meaningful.
Once that is done, you can assign the OTP connection to act as second factor of an authentication connection. See this article for more instruction.

Note: if you want to configure Authenticator OTP for non-local users (login via upstream IDP), it is required to enable "Update unknown users from login" in the connection settings to allow Identify to update user's OTP secret code.