refactor(admin): 2FA chapter clean-up

- Document the three bundled (shipped) 2FA providers.
- Clarify what "providers" are and why they're important.
- Re-order the sections.
- Remove some outdated bits.
- Eliminate some redundancies.
- Misc tidying up.


Signed-off-by: Josh <josh.t.richards@gmail.com>

Author: joshtrichards

admin_manual/configuration_user/two_factor-auth.rst

@@ -5,14 +5,13 @@ Two-factor authentication
 =========================
 
 Two-factor authentication adds an additional layer of security to user accounts. In order to log
-in on an account with two-factor authentication (2FA) enabled, it is necessary to provide both the
-login password and another factor. 2FA in Nextcloud is pluggable, meaning that they are not part
-of the Nextcloud Server component but provided by featured and 3rd-party Nextcloud apps.
+in on an account when two-factor authentication (2FA) enabled, it is necessary to provide both the
+login password and another factor. 
 
+To use 2FA two things must happen:
 
-Several 2FA apps are already available including
-`TOTP <https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm>`_, 
-a Telegram/Signal/SMS gateway and `U2F <https://en.wikipedia.org/wiki/Universal_2nd_Factor>`_. 
+- At least one 2FA provider must be enabled by the administrator.
+- A user must activate 2FA on their account (or) the administrator must enforce the use of 2FA.
 
 
 Developers can `build new two-factor provider apps <https://docs.nextcloud.com/server/31/developer_manual/digging_deeper/two-factor-provider.html>`_.
@@ -22,40 +21,33 @@ Developers can `build new two-factor provider apps <https://docs.nextcloud.com/s
 Enabling two-factor authentication
 ----------------------------------
 
-You can enable 2FA by installing and enabling a 2FA app like TOTP which works
-with Google Authenticator and compatible apps. The apps are available in the
-Nextcloud App store so by navigating there and clicking **enable** for the app
-you want, 2FA will be installed and enabled on your Nextcloud server.
+2FA in Nextcloud is pluggable, meaning that various 2FA providers can be used to support different 
+types of factors. Three providers are automatically installed (but may need to be enabled):
 
-.. figure:: ../images/2fa-app-install.png
+**Two-Factor TOTP Provider**
 
 Once 2FA has been enabled, users have to `activate it in their personal settings. <https://docs.nextcloud.com/server/31/user_manual/en/user_2fa.html>`_
 
 .. TODO ON RELEASE: Update version number above on release
 
-Disabling two-factor authentication
------------------------------------
-
-Two-factor providers can be disabled via :ref:`occ <occ>`::
-
- sudo -u www-data php occ twofactorauth:disable <uid> <provider_id>
+.. figure:: ../images/2fa-app-install.png
 
-User are free to enable this provider again via their personal settings.
+Developers can also `implement new two-factor provider 
+apps <https://docs.nextcloud.com/server/latest/developer_manual/digging_deeper/two-factor-provider.html>`_.
 
-.. note:: This operation has to be supported by the provider. If this support is missing, Nextcloud will abort and show an error.
+.. TODO ON RELEASE: Update version number above on release
 
 Enforcing two-factor authentication
 -----------------------------------
 
 By default 2FA is *optional*, hence users are given the choice whether to enable
-it for their account. Admins may enforce the use of 2FA.
-
+it for their account `under their personal settings <https://docs.nextcloud.com/server/latest/user_manual/en/user_2fa.html>`_.
+Admins may, however, enforce the use of 2FA.
 
-Enforcement is possible system-wide (all users), for selected groups only and can
-also be excluded for certain groups.
+Enforcement is possible system-wide (all users) or for selected groups only. Select groups
+can also be excluded from 2FA requirements. 
 
-
-These settings can be found in the administrator's security settings.
+These settings can be found under *Administration Settings->Security*.
 
 .. figure:: ../images/2fa-admin-settings.png
 
@@ -76,3 +68,14 @@ The associations of removed providers can be cleaned up via :ref:`occ <occ>`::
  sudo -u www-data php occ twofactorauth:cleanup <provider_id>
 
 .. warning:: This operation is irreversible. Only run it for providers you do not intend to enable again.
+
+Disabling two-factor authentication
+-----------------------------------
+
+Two-factor providers can be disabled via :ref:`occ <occ>`::
+
+ sudo -u www-data php occ twofactorauth:disable <uid> <provider_id>
+
+User are free to enable this provider again via their personal settings.
+
+.. note:: This operation has to be supported by the provider. If this support is missing, Nextcloud will abort and show an error.