From 005f70991fb744dbed2c886189d8f335057564f9 Mon Sep 17 00:00:00 2001
From: andrej romanov <50377758+auumgn@users.noreply.github.com>
Date: Thu, 20 Feb 2025 16:16:53 +0200
Subject: [PATCH 1/8] allow admins to disable 2fa

---
 ui/src/app/account/model/account.model.ts     |  1 +
 ui/src/app/account/service/account.service.ts |  4 +-
 .../account/settings/settings.component.ts    | 20 +++++----
 ui/src/app/user/user-update.component.html    | 44 ++++++++++++++++++-
 ui/src/app/user/user-update.component.scss    | 21 +++++++++
 ui/src/app/user/user-update.component.ts      |  7 +++
 6 files changed, 85 insertions(+), 12 deletions(-)
 create mode 100644 ui/src/app/user/user-update.component.scss

diff --git a/ui/src/app/account/model/account.model.ts b/ui/src/app/account/model/account.model.ts
index 86497e547..44579a4d7 100644
--- a/ui/src/app/account/model/account.model.ts
+++ b/ui/src/app/account/model/account.model.ts
@@ -1,4 +1,5 @@
 export interface IAccount {
+  id: string
   activated: boolean
   authorities: string[]
   email: string
diff --git a/ui/src/app/account/service/account.service.ts b/ui/src/app/account/service/account.service.ts
index 32640b39a..781ad6b79 100644
--- a/ui/src/app/account/service/account.service.ts
+++ b/ui/src/app/account/service/account.service.ts
@@ -89,8 +89,8 @@ export class AccountService {
     )
   }
 
-  disableMfa(): Observable<boolean> {
-    return this.http.post('/services/userservice/api/account/mfa/off', null, { observe: 'response' }).pipe(
+  disableMfa(userId: string): Observable<boolean> {
+    return this.http.post(`/services/userservice/api/account/${userId}/mfa/off`, null, { observe: 'response' }).pipe(
       map((res: HttpResponse<any>) => this.isSuccess(res)),
       catchError(() => {
         return of(false)
diff --git a/ui/src/app/account/settings/settings.component.ts b/ui/src/app/account/settings/settings.component.ts
index 243d8e06b..2f698ffa3 100644
--- a/ui/src/app/account/settings/settings.component.ts
+++ b/ui/src/app/account/settings/settings.component.ts
@@ -118,15 +118,17 @@ export class SettingsComponent implements OnInit {
         }
       })
     } else {
-      this.accountService.disableMfa().subscribe({
-        next: () => {
-          this.showMfaUpdated = true
-          this.accountService.getMfaSetup().subscribe((res) => {
-            this.mfaSetup = res
-          })
-        },
-        error: (err) => console.log('error disabling mfa'),
-      })
+      if (this.account && this.account.id) {
+        this.accountService.disableMfa(this.account.id).subscribe({
+          next: () => {
+            this.showMfaUpdated = true
+            this.accountService.getMfaSetup().subscribe((res) => {
+              this.mfaSetup = res
+            })
+          },
+          error: (err) => console.log('error disabling mfa'),
+        })
+      }
     }
   }
 
diff --git a/ui/src/app/user/user-update.component.html b/ui/src/app/user/user-update.component.html
index cef5a9719..9cf7640ba 100644
--- a/ui/src/app/user/user-update.component.html
+++ b/ui/src/app/user/user-update.component.html
@@ -68,7 +68,7 @@ <h1 id="jhi-ms-user-heading" class="mt-5" i18n="@@gatewayApp.msUserServiceMSUser
             >Organization Owner</label
           >
         </div>
-        <div class="form-group">
+        <div class="form-group mb-0">
           <label
             class="form-control-label"
             i18n="@@gatewayApp.msUserServiceMSUser.salesforceId.string"
@@ -114,6 +114,48 @@ <h1 id="jhi-ms-user-heading" class="mt-5" i18n="@@gatewayApp.msUserServiceMSUser
             >
           </div>
         </div>
+        <ng-container *ngIf="existentUser && existentUser.id && hasRoleAdmin()">
+          <hr class="mb-32 mt-0" />
+          <h2 class="mb-8 font-size-16">
+            <ng-container i18n="@@">Two-factor authentication</ng-container>&nbsp;<span
+              class="mfaOn"
+              *ngIf="existentUser.mfaEnabled"
+              >(ON)</span
+            >
+            <span class="mfaOff" *ngIf="!existentUser.mfaEnabled">(OFF)</span>
+          </h2>
+          <div class="font-size-14">
+            <ng-container *ngIf="existentUser.mfaEnabled">
+              <p class="mb-8" i18n="@@">
+                Disable two-factor authentication (2FA) for this user if they are having difficulty signing in to the
+                member portal.
+              </p>
+              <div class="form-group">
+                <input
+                  type="checkbox"
+                  class="form-control"
+                  name="twoFactorAuthentication"
+                  id="field_twoFactorAuthentication"
+                  formControlName="twoFactorAuthentication"
+                />
+                <label
+                  class="form-control-label two-factor-authentication-label"
+                  i18n="@@gatewayApp.msUserServiceMSUser"
+                  for="field_twoFactorAuthentication"
+                  >Two-factor authentication</label
+                >
+              </div>
+            </ng-container>
+            <ng-container *ngIf="!existentUser.mfaEnabled">
+              <div class="warning-message d-flex p-16 mb-40 mt-16">
+                <img src="./../../../../content/images/warning-sign.svg" alt="Warning sign" class="p-8" />
+                <div class="font-size-14 wide-text line-height-150">
+                  Users can enable 2FA from their account settings page
+                </div>
+              </div>
+            </ng-container>
+          </div>
+        </ng-container>
       </div>
       <div class="form-group">
         <button type="button" id="cancel-save" class="btn btn-outline-primary mr-2" (click)="navigateToUsersList()">
diff --git a/ui/src/app/user/user-update.component.scss b/ui/src/app/user/user-update.component.scss
new file mode 100644
index 000000000..d37c73bde
--- /dev/null
+++ b/ui/src/app/user/user-update.component.scss
@@ -0,0 +1,21 @@
+.warning-message {
+  img {
+    padding: 0 16px 0 8px !important;
+  }
+  div {
+    font-size: 0.875rem;
+  }
+  border: 2px solid #ff9c00;
+  border-radius: 4px;
+}
+
+.mfaOn {
+  color: #7faa26;
+}
+.mfaOff {
+  color: #d32f2f;
+}
+
+.two-factor-authentication-label {
+  font-weight: normal;
+}
diff --git a/ui/src/app/user/user-update.component.ts b/ui/src/app/user/user-update.component.ts
index fe174e9e5..6379e9957 100644
--- a/ui/src/app/user/user-update.component.ts
+++ b/ui/src/app/user/user-update.component.ts
@@ -19,6 +19,7 @@ import { AlertMessage, AlertType, DATE_TIME_FORMAT, emailValidator } from '../ap
 @Component({
   selector: 'app-user-update',
   templateUrl: './user-update.component.html',
+  styleUrls: ['./user-update.component.scss'],
 })
 export class UserUpdateComponent {
   isSaving = false
@@ -46,6 +47,7 @@ export class UserUpdateComponent {
     salesforceId: new FormControl<string | null>(null, Validators.required),
     activated: new FormControl<boolean | null>(null),
     isAdmin: new FormControl<boolean | null>(null),
+    twoFactorAuthentication: new FormControl<boolean | null>(null),
     createdBy: new FormControl<string | null>(null),
     createdDate: new FormControl<string | null>(null),
     lastModifiedBy: new FormControl<string | null>(null),
@@ -124,6 +126,7 @@ export class UserUpdateComponent {
       salesforceId: user.salesforceId,
       activated: user.activated,
       isAdmin: user.isAdmin,
+      twoFactorAuthentication: user.mfaEnabled,
       createdBy: user.createdBy,
       createdDate: user.createdDate != null ? user.createdDate.format(DATE_TIME_FORMAT) : null,
       lastModifiedBy: user.lastModifiedBy,
@@ -239,6 +242,9 @@ export class UserUpdateComponent {
         const data = response
         if (data.valid) {
           if (userFromForm.id !== null) {
+            if (this.hasRoleAdmin() && !userFromForm.mfaEnabled && userFromForm.id) {
+              this.accountService.disableMfa(userFromForm.id).subscribe()
+            }
             if (this.currentAccount.id === userFromForm.id) {
               // ownership change functions redirect to homepage instead of redirecting to users list
               // as users who lose org owner status shouldn't have access to the users list
@@ -298,6 +304,7 @@ export class UserUpdateComponent {
       mainContact: this.editForm.get(['mainContact'])?.value || false,
       isAdmin: this.editForm.get(['isAdmin'])?.value || false,
       salesforceId: this.editForm.get(['salesforceId'])?.value || null,
+      mfaEnabled: this.editForm.get(['twoFactorAuthentication'])?.value || false,
       createdBy: this.editForm.get(['createdBy'])?.value || null,
       createdDate:
         this.editForm.get(['createdDate'])?.value != null

From 63be923c1ffcb673f4935f3e2af6ae9d9ac1a484 Mon Sep 17 00:00:00 2001
From: andrej romanov <50377758+auumgn@users.noreply.github.com>
Date: Thu, 20 Feb 2025 16:19:16 +0200
Subject: [PATCH 2/8] add disable 2fa checks for nonadmins

---
 ui/cypress/e2e/retention/add-user.cy.js  | 2 ++
 ui/cypress/e2e/retention/edit-user.cy.js | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/ui/cypress/e2e/retention/add-user.cy.js b/ui/cypress/e2e/retention/add-user.cy.js
index 0035af8f9..ea1862b83 100644
--- a/ui/cypress/e2e/retention/add-user.cy.js
+++ b/ui/cypress/e2e/retention/add-user.cy.js
@@ -27,6 +27,8 @@ describe("Add new user", () => {
     cy.get("#field_mainContact").click();
     // Admin checkbox should not exist
     cy.get("#field_isAdmin").should("not.exist");
+    // Disable 2fa should not exist
+    cy.get("#field_twoFactorAuthentication").should("not.exist");
     // save
     cy.get("#save-entity").click();
     cy.get(".alert-success").should("exist");
diff --git a/ui/cypress/e2e/retention/edit-user.cy.js b/ui/cypress/e2e/retention/edit-user.cy.js
index 875d30683..c3605ca6f 100644
--- a/ui/cypress/e2e/retention/edit-user.cy.js
+++ b/ui/cypress/e2e/retention/edit-user.cy.js
@@ -29,6 +29,8 @@ describe("Test the edit user form", () => {
     cy.get("#field_salesforceId").invoke("attr", "disabled").should("exist");
     // Admin checkbox should not exist
     cy.get("#field_isAdmin").should("not.exist");
+    // Disable 2fa should not exist
+    cy.get("#field_twoFactorAuthentication").should("not.exist");
     // 'Activated' checkbox is missing the 'disabled' attr
     /*cy.get('#field_activated')
       .invoke('attr', 'disabled')

From 1f59545470b5664e8e2306267e332ccbaf33248a Mon Sep 17 00:00:00 2001
From: andrej romanov <50377758+auumgn@users.noreply.github.com>
Date: Thu, 20 Feb 2025 16:38:05 +0200
Subject: [PATCH 3/8] fix unit tests

---
 ui/src/app/account/login/login.component.spec.ts          | 1 +
 ui/src/app/account/settings/settings.component.spec.ts    | 8 ++++++++
 ui/src/app/affiliation/affiliations.component.spec.ts     | 1 +
 .../send-notifications-dialog.component.spec.ts           | 1 +
 .../consortium/add-consortium-member.component.spec.ts    | 1 +
 .../consortium/remove-consortium-member.component.spec.ts | 1 +
 ui/src/app/home/contact/contact-update.component.spec.ts  | 1 +
 ui/src/app/home/home.component.spec.ts                    | 1 +
 ui/src/app/layout/navbar/navbar.component.spec.ts         | 3 +++
 ui/src/app/member/members.component.spec.ts               | 1 +
 ui/src/app/user/user-update.component.spec.ts             | 2 ++
 ui/src/app/user/users.component.spec.ts                   | 1 +
 12 files changed, 22 insertions(+)

diff --git a/ui/src/app/account/login/login.component.spec.ts b/ui/src/app/account/login/login.component.spec.ts
index 90ea33014..61fb3af1d 100644
--- a/ui/src/app/account/login/login.component.spec.ts
+++ b/ui/src/app/account/login/login.component.spec.ts
@@ -45,6 +45,7 @@ describe('LoginComponent', () => {
     loginService.login.and.returnValue(of(mockLoginResult))
     accountService.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
diff --git a/ui/src/app/account/settings/settings.component.spec.ts b/ui/src/app/account/settings/settings.component.spec.ts
index dad934c83..6d03832a9 100644
--- a/ui/src/app/account/settings/settings.component.spec.ts
+++ b/ui/src/app/account/settings/settings.component.spec.ts
@@ -63,6 +63,7 @@ describe('SettingsComponent', () => {
   it('should create', () => {
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
@@ -84,6 +85,7 @@ describe('SettingsComponent', () => {
   it('should flip mfa fields when mfa state changed', () => {
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
@@ -115,6 +117,7 @@ describe('SettingsComponent', () => {
   it('should flip mfa fields when mfa state changed', () => {
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
@@ -141,6 +144,7 @@ describe('SettingsComponent', () => {
   it('save mfa enabled should call account service enable', () => {
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
@@ -169,6 +173,7 @@ describe('SettingsComponent', () => {
   it('save mfa enabled should call account service disable', () => {
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
@@ -185,6 +190,7 @@ describe('SettingsComponent', () => {
     )
     accountServiceSpy.getMfaSetup.and.returnValue(of({ secret: 'test', otp: 'test', qrCode: ['test'] }))
     accountServiceSpy.disableMfa.and.returnValue(of(true))
+    fixture.detectChanges()
 
     component.mfaForm.patchValue({ mfaEnabled: false, verificationCode: 'test' })
     component.saveMfa()
@@ -197,6 +203,7 @@ describe('SettingsComponent', () => {
     accountServiceSpy.save.and.returnValue(of(true))
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
@@ -222,6 +229,7 @@ describe('SettingsComponent', () => {
     accountServiceSpy.save.and.returnValue(of(false))
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
diff --git a/ui/src/app/affiliation/affiliations.component.spec.ts b/ui/src/app/affiliation/affiliations.component.spec.ts
index ca5290df0..83148bf7b 100644
--- a/ui/src/app/affiliation/affiliations.component.spec.ts
+++ b/ui/src/app/affiliation/affiliations.component.spec.ts
@@ -63,6 +63,7 @@ describe('AffiliationsComponent', () => {
 
     accountService.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['ROLE_USER', 'ROLE_ADMIN'],
         email: 'email@email.com',
diff --git a/ui/src/app/affiliation/send-notifications-dialog.component.spec.ts b/ui/src/app/affiliation/send-notifications-dialog.component.spec.ts
index ebde7b615..b8574bb00 100644
--- a/ui/src/app/affiliation/send-notifications-dialog.component.spec.ts
+++ b/ui/src/app/affiliation/send-notifications-dialog.component.spec.ts
@@ -68,6 +68,7 @@ describe('SendNotificationsDialogComponent', () => {
   it('should create', () => {
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
diff --git a/ui/src/app/home/consortium/add-consortium-member.component.spec.ts b/ui/src/app/home/consortium/add-consortium-member.component.spec.ts
index dd06113c6..4ea15b4fe 100644
--- a/ui/src/app/home/consortium/add-consortium-member.component.spec.ts
+++ b/ui/src/app/home/consortium/add-consortium-member.component.spec.ts
@@ -48,6 +48,7 @@ describe('AddConsortiumMemberComponent', () => {
 
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
diff --git a/ui/src/app/home/consortium/remove-consortium-member.component.spec.ts b/ui/src/app/home/consortium/remove-consortium-member.component.spec.ts
index 5b0ce93c0..a74303696 100644
--- a/ui/src/app/home/consortium/remove-consortium-member.component.spec.ts
+++ b/ui/src/app/home/consortium/remove-consortium-member.component.spec.ts
@@ -48,6 +48,7 @@ describe('RemoveConsortiumMemberComponent', () => {
 
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
diff --git a/ui/src/app/home/contact/contact-update.component.spec.ts b/ui/src/app/home/contact/contact-update.component.spec.ts
index e51a6f73d..6d03c28d9 100644
--- a/ui/src/app/home/contact/contact-update.component.spec.ts
+++ b/ui/src/app/home/contact/contact-update.component.spec.ts
@@ -55,6 +55,7 @@ describe('ContactUpdateComponent', () => {
   it('should call getAccountData and getMemberData to get contact data on init', () => {
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
diff --git a/ui/src/app/home/home.component.spec.ts b/ui/src/app/home/home.component.spec.ts
index cc6db2491..0209e7618 100644
--- a/ui/src/app/home/home.component.spec.ts
+++ b/ui/src/app/home/home.component.spec.ts
@@ -36,6 +36,7 @@ describe('HomeComponent', () => {
   it('should call getMemberData if account data is not null', () => {
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['test', 'test'],
         email: 'email@email.com',
diff --git a/ui/src/app/layout/navbar/navbar.component.spec.ts b/ui/src/app/layout/navbar/navbar.component.spec.ts
index 0ad1af311..0c5dddad9 100644
--- a/ui/src/app/layout/navbar/navbar.component.spec.ts
+++ b/ui/src/app/layout/navbar/navbar.component.spec.ts
@@ -63,6 +63,7 @@ describe('NavbarComponent', () => {
     accountService.getSalesforceId.and.returnValue('sfid')
     accountService.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['ROLE_USER'],
         email: 'email@email.com',
@@ -107,6 +108,7 @@ describe('NavbarComponent', () => {
     accountService.getSalesforceId.and.returnValue('sfid')
     accountService.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['ROLE_USER', 'ROLE_CONSORTIUM_LEAD'],
         email: 'email@email.com',
@@ -144,6 +146,7 @@ describe('NavbarComponent', () => {
     accountService.getSalesforceId.and.returnValue('sfid')
     accountService.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['ROLE_USER', 'ASSERTION_SERVICE_ENABLED'],
         email: 'email@email.com',
diff --git a/ui/src/app/member/members.component.spec.ts b/ui/src/app/member/members.component.spec.ts
index 94854e818..8cbcf7441 100644
--- a/ui/src/app/member/members.component.spec.ts
+++ b/ui/src/app/member/members.component.spec.ts
@@ -43,6 +43,7 @@ describe('MembersComponent', () => {
     memberServiceSpy.query.and.returnValue(of(new MemberPage([new Member('id')], 1)))
     accountServiceSpy.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['ROLE_USER'],
         email: 'email@email.com',
diff --git a/ui/src/app/user/user-update.component.spec.ts b/ui/src/app/user/user-update.component.spec.ts
index 68cfdaea2..d60f92155 100644
--- a/ui/src/app/user/user-update.component.spec.ts
+++ b/ui/src/app/user/user-update.component.spec.ts
@@ -38,6 +38,7 @@ describe('UserUpdateComponent', () => {
       'getAccountData',
       'hasAnyAuthority',
       'getSalesforceId',
+      'disableMfa',
     ])
     const alertServiceSpy = jasmine.createSpyObj('AlertService', ['broadcast'])
     const memberServiceSpy = jasmine.createSpyObj('MemberService', ['find'])
@@ -86,6 +87,7 @@ describe('UserUpdateComponent', () => {
     memberService.find.and.returnValue(of(new Member()))
     userService.validate.and.returnValue(of(new UserValidation(true, null)))
     userService.update.and.returnValue(of({}))
+    accountService.disableMfa.and.returnValue(of(true))
     spyOn(router, 'navigate').and.returnValue(Promise.resolve(true))
   })
 
diff --git a/ui/src/app/user/users.component.spec.ts b/ui/src/app/user/users.component.spec.ts
index 7725bf805..e59ee738d 100644
--- a/ui/src/app/user/users.component.spec.ts
+++ b/ui/src/app/user/users.component.spec.ts
@@ -68,6 +68,7 @@ describe('UsersComponent', () => {
 
     accountService.getAccountData.and.returnValue(
       of({
+        id: 'id',
         activated: true,
         authorities: ['ROLE_USER', 'ROLE_ADMIN'],
         email: 'email@email.com',

From 6d2a0375d9eaad658de7182be87fef96143b72ba Mon Sep 17 00:00:00 2001
From: andrej romanov <50377758+auumgn@users.noreply.github.com>
Date: Thu, 20 Feb 2025 18:58:13 +0200
Subject: [PATCH 4/8] improve disablemfa logic

do not send unnecessary request to disable 2fa if already disabled
---
 ui/src/app/user/user-update.component.html | 1 +
 ui/src/app/user/user-update.component.ts   | 8 ++++++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/ui/src/app/user/user-update.component.html b/ui/src/app/user/user-update.component.html
index 9cf7640ba..889fb7491 100644
--- a/ui/src/app/user/user-update.component.html
+++ b/ui/src/app/user/user-update.component.html
@@ -137,6 +137,7 @@ <h2 class="mb-8 font-size-16">
                   name="twoFactorAuthentication"
                   id="field_twoFactorAuthentication"
                   formControlName="twoFactorAuthentication"
+                  (change)="toggleMfa()"
                 />
                 <label
                   class="form-control-label two-factor-authentication-label"
diff --git a/ui/src/app/user/user-update.component.ts b/ui/src/app/user/user-update.component.ts
index 6379e9957..7bd679d79 100644
--- a/ui/src/app/user/user-update.component.ts
+++ b/ui/src/app/user/user-update.component.ts
@@ -31,6 +31,7 @@ export class UserUpdateComponent {
   showIsAdminCheckbox = false
   currentAccount: any
   validation: any
+  disableMfa = false
 
   editForm = this.fb.group({
     id: new FormControl<string | null>(null),
@@ -233,16 +234,19 @@ export class UserUpdateComponent {
     }
   }
 
+  toggleMfa() {
+    this.disableMfa = !this.editForm.get('twoFactorAuthentication')?.value
+  }
+
   save() {
     if (this.editForm.valid) {
       this.isSaving = true
       const userFromForm = this.createFromForm()
-
       this.userService.validate(userFromForm).subscribe((response) => {
         const data = response
         if (data.valid) {
           if (userFromForm.id !== null) {
-            if (this.hasRoleAdmin() && !userFromForm.mfaEnabled && userFromForm.id) {
+            if (this.hasRoleAdmin() && this.disableMfa && userFromForm.id) {
               this.accountService.disableMfa(userFromForm.id).subscribe()
             }
             if (this.currentAccount.id === userFromForm.id) {

From 9bd63c93f74309c741f22ccf3b2c7db92153a78c Mon Sep 17 00:00:00 2001
From: andrej romanov <50377758+auumgn@users.noreply.github.com>
Date: Thu, 20 Feb 2025 18:58:24 +0200
Subject: [PATCH 5/8] add unit tests

---
 ui/src/app/user/user-update.component.spec.ts | 88 ++++++++++++++++++-
 1 file changed, 86 insertions(+), 2 deletions(-)

diff --git a/ui/src/app/user/user-update.component.spec.ts b/ui/src/app/user/user-update.component.spec.ts
index d60f92155..103c5f91e 100644
--- a/ui/src/app/user/user-update.component.spec.ts
+++ b/ui/src/app/user/user-update.component.spec.ts
@@ -14,6 +14,7 @@ import { FontAwesomeModule } from '@fortawesome/angular-fontawesome'
 import { CUSTOM_ELEMENTS_SCHEMA } from '@angular/core'
 import { RouterTestingModule } from '@angular/router/testing'
 import { of } from 'rxjs'
+import { By } from '@angular/platform-browser'
 
 describe('UserUpdateComponent', () => {
   let component: UserUpdateComponent
@@ -41,7 +42,7 @@ describe('UserUpdateComponent', () => {
       'disableMfa',
     ])
     const alertServiceSpy = jasmine.createSpyObj('AlertService', ['broadcast'])
-    const memberServiceSpy = jasmine.createSpyObj('MemberService', ['find'])
+    const memberServiceSpy = jasmine.createSpyObj('MemberService', ['find', 'getAllMembers'])
     const routerSpy = jasmine.createSpyObj('Router', ['navigate'])
 
     TestBed.configureTestingModule({
@@ -84,6 +85,7 @@ describe('UserUpdateComponent', () => {
         mfaEnabled: false,
       })
     )
+    memberService.getAllMembers.and.returnValue(of([]))
     memberService.find.and.returnValue(of(new Member()))
     userService.validate.and.returnValue(of(new UserValidation(true, null)))
     userService.update.and.returnValue(of({}))
@@ -108,7 +110,84 @@ describe('UserUpdateComponent', () => {
     expect(component.disableSalesForceIdDD()).toBe(true)
   })
 
-  it('should enable salesforceId dropdown for admin users', () => {
+  it('should display disable 2fa checkbox for admins when editing an existing user', () => {
+    activatedRoute.data = of({
+      user: {
+        salesforceId: 'test',
+        id: 'id',
+        email: 'test@test.com',
+        firstName: 'hello',
+        lastName: 'hello',
+        mainContact: false,
+        mfaEnabled: true,
+      } as IUser,
+    })
+    accountService.hasAnyAuthority.and.returnValue(true)
+    fixture.detectChanges()
+    const twoFactorAuthenticationCheckbox = fixture.debugElement.query(By.css('#field_twoFactorAuthentication'))
+    expect(twoFactorAuthenticationCheckbox).toBeTruthy()
+    const checkbox = fixture.debugElement.nativeElement.querySelector('#field_twoFactorAuthentication')
+    checkbox.click()
+    component.save()
+    expect(accountService.disableMfa).toHaveBeenCalledWith('id')
+  })
+
+  it('should not disable 2fa if 2fa checkmark remains ticked', () => {
+    activatedRoute.data = of({
+      user: {
+        salesforceId: 'test',
+        id: 'id',
+        email: 'test@test.com',
+        firstName: 'hello',
+        lastName: 'hello',
+        mainContact: false,
+        mfaEnabled: true,
+      } as IUser,
+    })
+    accountService.hasAnyAuthority.and.returnValue(true)
+    fixture.detectChanges()
+    component.save()
+    const twoFactorAuthenticationCheckbox = fixture.debugElement.query(By.css('#field_twoFactorAuthentication'))
+    expect(twoFactorAuthenticationCheckbox).toBeTruthy()
+    expect(accountService.disableMfa).toHaveBeenCalledTimes(0)
+  })
+
+  it('should not disable 2fa checkbox if 2fa is not enabled', () => {
+    activatedRoute.data = of({
+      user: {
+        salesforceId: 'test',
+        id: 'id',
+        email: 'test@test.com',
+        firstName: 'hello',
+        lastName: 'hello',
+        mainContact: false,
+        mfaEnabled: false,
+      } as IUser,
+    })
+    accountService.hasAnyAuthority.and.returnValue(true)
+    fixture.detectChanges()
+    component.save()
+    const twoFactorAuthenticationCheckbox = fixture.debugElement.query(By.css('#field_twoFactorAuthentication'))
+    expect(twoFactorAuthenticationCheckbox).toBeFalsy()
+    expect(accountService.disableMfa).toHaveBeenCalledTimes(0)
+  })
+
+  it('should not display disable 2fa checkbox for admins when adding a new user', () => {
+    accountService.hasAnyAuthority.and.returnValue(true)
+    fixture.detectChanges()
+    const twoFactorAuthenticationCheckbox = fixture.debugElement.query(By.css('#field_twoFactorAuthentication'))
+    expect(twoFactorAuthenticationCheckbox).toBeFalsy()
+  })
+
+  it('should not display disable 2fa checkbox for non-admins when editing an existing user', () => {
+    activatedRoute.data = of({ user: { mfaEnabled: true, id: 'id' } as IUser })
+    accountService.hasAnyAuthority.and.returnValue(false)
+    fixture.detectChanges()
+    const twoFactorAuthenticationCheckbox = fixture.debugElement.query(By.css('#field_twoFactorAuthentication'))
+    expect(twoFactorAuthenticationCheckbox).toBeFalsy()
+  })
+
+  it('should display salesforceId dropdown for admin users', () => {
     accountService.hasAnyAuthority.and.returnValue(true)
     fixture.detectChanges()
 
@@ -152,6 +231,7 @@ describe('UserUpdateComponent', () => {
     expect(userService.validate).toHaveBeenCalled()
     expect(userService.create).toHaveBeenCalled()
     expect(userService.update).toHaveBeenCalledTimes(0)
+    expect(accountService.disableMfa).toHaveBeenCalledTimes(0)
     expect(router.navigate).toHaveBeenCalledWith(['/users'])
   })
 
@@ -172,6 +252,7 @@ describe('UserUpdateComponent', () => {
     expect(userService.validate).toHaveBeenCalled()
     expect(userService.create).toHaveBeenCalled()
     expect(userService.update).toHaveBeenCalledTimes(0)
+    expect(accountService.disableMfa).toHaveBeenCalledTimes(0)
     expect(router.navigate).toHaveBeenCalledWith(['/'])
   })
 
@@ -194,6 +275,7 @@ describe('UserUpdateComponent', () => {
     expect(userService.validate).toHaveBeenCalled()
     expect(userService.update).toHaveBeenCalled()
     expect(userService.create).toHaveBeenCalledTimes(0)
+    expect(accountService.disableMfa).toHaveBeenCalledTimes(0)
     expect(router.navigate).toHaveBeenCalledWith(['/users'])
   })
 
@@ -216,6 +298,7 @@ describe('UserUpdateComponent', () => {
     expect(userService.validate).toHaveBeenCalled()
     expect(userService.update).toHaveBeenCalled()
     expect(userService.create).toHaveBeenCalledTimes(0)
+    expect(accountService.disableMfa).toHaveBeenCalledTimes(0)
     expect(router.navigate).toHaveBeenCalledWith(['/'])
   })
 
@@ -239,6 +322,7 @@ describe('UserUpdateComponent', () => {
     expect(userService.validate).toHaveBeenCalled()
     expect(userService.update).toHaveBeenCalled()
     expect(userService.create).toHaveBeenCalledTimes(0)
+    expect(accountService.disableMfa).toHaveBeenCalledTimes(0)
     expect(router.navigate).toHaveBeenCalledWith(['/users'])
   })
 

From 2192f52e8b50f131d90c016e7f20c570dcd18e3e Mon Sep 17 00:00:00 2001
From: andrej romanov <50377758+auumgn@users.noreply.github.com>
Date: Fri, 21 Feb 2025 16:44:09 +0200
Subject: [PATCH 6/8] fix i18n

---
 ui/src/app/user/user-update.component.html | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/ui/src/app/user/user-update.component.html b/ui/src/app/user/user-update.component.html
index 889fb7491..8c2985bca 100644
--- a/ui/src/app/user/user-update.component.html
+++ b/ui/src/app/user/user-update.component.html
@@ -117,16 +117,18 @@ <h1 id="jhi-ms-user-heading" class="mt-5" i18n="@@gatewayApp.msUserServiceMSUser
         <ng-container *ngIf="existentUser && existentUser.id && hasRoleAdmin()">
           <hr class="mb-32 mt-0" />
           <h2 class="mb-8 font-size-16">
-            <ng-container i18n="@@">Two-factor authentication</ng-container>&nbsp;<span
+            <ng-container i18n="@@settings.security.mfa.string">Two-factor authentication</ng-container>&nbsp;<span
               class="mfaOn"
               *ngIf="existentUser.mfaEnabled"
-              >(ON)</span
+              >(<ng-container i18n="@@settings.security.mfaOn.string">ON</ng-container>)</span
+            >
+            <span class="mfaOff" *ngIf="!existentUser.mfaEnabled"
+              >(<ng-container i18n="@@settings.security.mfaOff.string">OFF</ng-container>)</span
             >
-            <span class="mfaOff" *ngIf="!existentUser.mfaEnabled">(OFF)</span>
           </h2>
           <div class="font-size-14">
             <ng-container *ngIf="existentUser.mfaEnabled">
-              <p class="mb-8" i18n="@@">
+              <p class="mb-8" i18n="@@settings.security.disableMfaDescription.string">
                 Disable two-factor authentication (2FA) for this user if they are having difficulty signing in to the
                 member portal.
               </p>
@@ -141,7 +143,7 @@ <h2 class="mb-8 font-size-16">
                 />
                 <label
                   class="form-control-label two-factor-authentication-label"
-                  i18n="@@gatewayApp.msUserServiceMSUser"
+                  i18n="@@settings.security.mfa.string"
                   for="field_twoFactorAuthentication"
                   >Two-factor authentication</label
                 >
@@ -150,7 +152,7 @@ <h2 class="mb-8 font-size-16">
             <ng-container *ngIf="!existentUser.mfaEnabled">
               <div class="warning-message d-flex p-16 mb-40 mt-16">
                 <img src="./../../../../content/images/warning-sign.svg" alt="Warning sign" class="p-8" />
-                <div class="font-size-14 wide-text line-height-150">
+                <div class="font-size-14 wide-text line-height-150" i18n="@@settings.security.disabledMfaNotice.string">
                   Users can enable 2FA from their account settings page
                 </div>
               </div>

From c1e34d58b7ada23467b63bad79e0380af4761154 Mon Sep 17 00:00:00 2001
From: andrej romanov <50377758+auumgn@users.noreply.github.com>
Date: Fri, 21 Feb 2025 16:46:51 +0200
Subject: [PATCH 7/8] update i18n files with disable 2fa admin feature

---
 ui/src/i18n/messages.cs.xlf    |  66 ++++++++--
 ui/src/i18n/messages.es.xlf    |  68 +++++++---
 ui/src/i18n/messages.fr.xlf    | 220 +++++++++++++++++++--------------
 ui/src/i18n/messages.it.xlf    | 122 ++++++++++++------
 ui/src/i18n/messages.ja.xlf    |  66 ++++++++--
 ui/src/i18n/messages.ko.xlf    |  68 +++++++---
 ui/src/i18n/messages.pt.xlf    |  66 ++++++++--
 ui/src/i18n/messages.ru.xlf    |  68 +++++++---
 ui/src/i18n/messages.xlf       |  46 ++++++-
 ui/src/i18n/messages.zh-CN.xlf |  66 ++++++++--
 ui/src/i18n/messages.zh-TW.xlf |  66 ++++++++--
 11 files changed, 679 insertions(+), 243 deletions(-)

diff --git a/ui/src/i18n/messages.cs.xlf b/ui/src/i18n/messages.cs.xlf
index 889c297fb..9b90453a4 100644
--- a/ui/src/i18n/messages.cs.xlf
+++ b/ui/src/i18n/messages.cs.xlf
@@ -1,5 +1,5 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
-  <file source-language="en" datatype="plaintext" original="ng2.template" target-language="cs">
+<?xml version="1.0" ?><xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+  <file source-language="en" target-language="cs" datatype="plaintext" original="ng2.template">
     <body>
       <trans-unit id="login.messages.error.authentication.string" datatype="html">
         <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Failed to sign in!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check your credentials and try again. </source>
@@ -106,7 +106,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="reset.request.messages.notfound.string" datatype="html">
-        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Email address isn't registered!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check and try again. </source>
+        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Email address isn&apos;t registered!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check and try again. </source>
         <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>E-mailová adresa není zaregistrovaná!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Zkontrolujte ji prosím a zkuste to znovu</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-init.component.html</context>
@@ -478,7 +478,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaExplain.string" datatype="html">
-        <source> Add extra security to your ORCID member portal account by enabling two-factor authentication. Each time you sign in, you'll be prompted to enter a six-digit code we send to your preferred authentication application. </source>
+        <source> Add extra security to your ORCID member portal account by enabling two-factor authentication. Each time you sign in, you&apos;ll be prompted to enter a six-digit code we send to your preferred authentication application. </source>
         <target>Přidejte další stupeň zabezpečení do svého účtu členského portálu ORCID povolením dvoufázového ověření. Při každém přihlášení budete vyzváni k zadání šestimístného kódu, který zašleme do vámi preferované ověřovací aplikace.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
@@ -492,6 +492,14 @@
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
           <context context-type="linenumber">151</context>
         </context-group>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">120</context>
+        </context-group>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">148</context>
+        </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaUpdated.string" datatype="html">
         <source>2FA settings updated</source>
@@ -518,7 +526,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaCannotScan.one.string" datatype="html">
-        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Can't scan the QR code?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></source>
+        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Can&apos;t scan the QR code?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></source>
         <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Nejde vám QR kód naskenovat?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
@@ -814,7 +822,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="reset.finish.messages.error.string" datatype="html">
-        <source> Your password couldn't be reset. Remember a password request is only valid for 24 hours. </source>
+        <source> Your password couldn&apos;t be reset. Remember a password request is only valid for 24 hours. </source>
         <target>Heslo nelze znovu nastavit. Nezapomeňte, že žádost o heslo platí pouze 24 hodin.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-finish.component.html</context>
@@ -910,7 +918,7 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">150</context>
+          <context context-type="linenumber">195</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/users.component.html</context>
@@ -970,7 +978,7 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">120</context>
+          <context context-type="linenumber">165</context>
         </context-group>
       </trans-unit>
       <trans-unit id="entity.action.delete.string" datatype="html">
@@ -1034,11 +1042,11 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">131</context>
+          <context context-type="linenumber">176</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">141</context>
+          <context context-type="linenumber">186</context>
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.activated.string" datatype="html">
@@ -1218,7 +1226,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.sendActivate.error.string" datatype="html">
-        <source>Invite email couldn't be sent.</source>
+        <source>Invite email couldn&apos;t be sent.</source>
         <target>Zvací e-mail se nepodařilo odeslat.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/shared/pipe/localize.ts</context>
@@ -1326,7 +1334,7 @@
         <target>Opravdu chcete převést vlastnictví? Chystáte se převést vlastnictví tohoto účtu organizace. Jste-li vlastníkem organizace, po převodu vlastnictví již nebudete mít přístup k administrátorským funkcím, jako je správa uživatelů.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.ts</context>
-          <context context-type="linenumber">226</context>
+          <context context-type="linenumber">230</context>
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.delete.question.string" datatype="html">
@@ -4406,7 +4414,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.delete.fromPortalAndRegistry.string" datatype="html">
-        <source>Are you sure you want to delete this affiliation for <x id="PH" equiv-text="this.affiliation?.email"/>? The affiliation will be deleted from the portal and the user's ORCID record.</source>
+        <source>Are you sure you want to delete this affiliation for <x id="PH" equiv-text="this.affiliation?.email"/>? The affiliation will be deleted from the portal and the user&apos;s ORCID record.</source>
         <target>Jste si jisti, že chcete zrušit toto přidružení pro <x id="PH" equiv-text="this.affiliation?.email"/>? Přidružení bude odstraněno z portálu a uživatelského záznamu ORCID.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-delete.component.ts</context>
@@ -4812,6 +4820,38 @@
           <context context-type="linenumber">66</context>
         </context-group>
       </trans-unit>
+      <trans-unit id="settings.security.mfaOn.string" datatype="html">
+        <source>ON</source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">123</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.mfaOff.string" datatype="html">
+        <source>OFF</source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">126</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.disableMfaDescription.string" datatype="html">
+        <source> Disable two-factor authentication (2FA) for this user if they are having difficulty signing in to the member portal. </source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">131</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.disabledMfaNotice.string" datatype="html">
+        <source> Users can enable 2FA from their account settings page </source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">155</context>
+        </context-group>
+      </trans-unit>
     </body>
   </file>
 </xliff>
\ No newline at end of file
diff --git a/ui/src/i18n/messages.es.xlf b/ui/src/i18n/messages.es.xlf
index 0134babfd..42b27ca06 100644
--- a/ui/src/i18n/messages.es.xlf
+++ b/ui/src/i18n/messages.es.xlf
@@ -1,5 +1,5 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
-  <file source-language="en" datatype="plaintext" original="ng2.template" target-language="es">
+<?xml version="1.0" ?><xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+  <file source-language="en" target-language="es" datatype="plaintext" original="ng2.template">
     <body>
       <trans-unit id="login.messages.error.authentication.string" datatype="html">
         <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Failed to sign in!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check your credentials and try again. </source>
@@ -106,7 +106,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="reset.request.messages.notfound.string" datatype="html">
-        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Email address isn't registered!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check and try again. </source>
+        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Email address isn&apos;t registered!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check and try again. </source>
         <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>¡La dirección de correo electrónico no está registrada!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Compruébalo e inténtalo de nuevo.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-init.component.html</context>
@@ -478,7 +478,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaExplain.string" datatype="html">
-        <source> Add extra security to your ORCID member portal account by enabling two-factor authentication. Each time you sign in, you'll be prompted to enter a six-digit code we send to your preferred authentication application. </source>
+        <source> Add extra security to your ORCID member portal account by enabling two-factor authentication. Each time you sign in, you&apos;ll be prompted to enter a six-digit code we send to your preferred authentication application. </source>
         <target>Añada seguridad adicional a su cuenta del portal de miembros de ORCID activando la autenticación de dos factores. Cada vez que inicie sesión, se le pedirá que introduzca un código de seis dígitos que le enviaremos a su aplicación de autenticación preferida.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
@@ -492,6 +492,14 @@
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
           <context context-type="linenumber">151</context>
         </context-group>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">120</context>
+        </context-group>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">148</context>
+        </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaUpdated.string" datatype="html">
         <source>2FA settings updated</source>
@@ -518,7 +526,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaCannotScan.one.string" datatype="html">
-        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Can't scan the QR code?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></source>
+        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Can&apos;t scan the QR code?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></source>
         <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>¿No puede escanear el código QR?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
@@ -814,7 +822,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="reset.finish.messages.error.string" datatype="html">
-        <source> Your password couldn't be reset. Remember a password request is only valid for 24 hours. </source>
+        <source> Your password couldn&apos;t be reset. Remember a password request is only valid for 24 hours. </source>
         <target>No se ha podido restablecer tu contraseña. Recuerde que una solicitud de contraseña solo es válida por 24 horas.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-finish.component.html</context>
@@ -910,7 +918,7 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">150</context>
+          <context context-type="linenumber">195</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/users.component.html</context>
@@ -970,7 +978,7 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">120</context>
+          <context context-type="linenumber">165</context>
         </context-group>
       </trans-unit>
       <trans-unit id="entity.action.delete.string" datatype="html">
@@ -1034,11 +1042,11 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">131</context>
+          <context context-type="linenumber">176</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">141</context>
+          <context context-type="linenumber">186</context>
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.activated.string" datatype="html">
@@ -1218,7 +1226,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.sendActivate.error.string" datatype="html">
-        <source>Invite email couldn't be sent.</source>
+        <source>Invite email couldn&apos;t be sent.</source>
         <target>No se ha podido enviar el correo de invitación.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/shared/pipe/localize.ts</context>
@@ -1326,7 +1334,7 @@
         <target>¿Está seguro de que desea transferir la propiedad? Está a punto de transferir la propiedad de esta cuenta de organización. Si es el propietario de la organización, tenga en cuenta que, tras transferir la propiedad, ya no tendrá acceso a las funciones administrativas, como la gestión de usuarios.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.ts</context>
-          <context context-type="linenumber">226</context>
+          <context context-type="linenumber">230</context>
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.delete.question.string" datatype="html">
@@ -4406,7 +4414,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.delete.fromPortalAndRegistry.string" datatype="html">
-        <source>Are you sure you want to delete this affiliation for <x id="PH" equiv-text="this.affiliation?.email"/>? The affiliation will be deleted from the portal and the user's ORCID record.</source>
+        <source>Are you sure you want to delete this affiliation for <x id="PH" equiv-text="this.affiliation?.email"/>? The affiliation will be deleted from the portal and the user&apos;s ORCID record.</source>
         <target>¿Está seguro de que desea eliminar esta afiliación de <x id="PH" equiv-text="this.affiliation?.email"/>? La afiliación se eliminará del portal y del registro ORCID del usuario.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-delete.component.ts</context>
@@ -4423,7 +4431,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.notifications.description.string" datatype="html">
         <source> Are you sure that you would like ORCID to send permission links to your researchers for the affiliations that are pending? </source>
-        <target>Las notificaciones de permisos se enviarán a todos los investigadores que tengan algún elemento de afiliación con el estado 'Pendiente'.</target>
+        <target>Las notificaciones de permisos se enviarán a todos los investigadores que tengan algún elemento de afiliación con el estado &apos;Pendiente&apos;.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/send-notifications-dialog.component.html</context>
           <context context-type="linenumber">16</context>
@@ -4813,6 +4821,38 @@
           <context context-type="linenumber">66</context>
         </context-group>
       </trans-unit>
+      <trans-unit id="settings.security.mfaOn.string" datatype="html">
+        <source>ON</source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">123</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.mfaOff.string" datatype="html">
+        <source>OFF</source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">126</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.disableMfaDescription.string" datatype="html">
+        <source> Disable two-factor authentication (2FA) for this user if they are having difficulty signing in to the member portal. </source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">131</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.disabledMfaNotice.string" datatype="html">
+        <source> Users can enable 2FA from their account settings page </source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">155</context>
+        </context-group>
+      </trans-unit>
     </body>
   </file>
 </xliff>
\ No newline at end of file
diff --git a/ui/src/i18n/messages.fr.xlf b/ui/src/i18n/messages.fr.xlf
index 53768094d..7128991f8 100644
--- a/ui/src/i18n/messages.fr.xlf
+++ b/ui/src/i18n/messages.fr.xlf
@@ -1,5 +1,5 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
-  <file source-language="en" datatype="plaintext" original="ng2.template" target-language="fr">
+<?xml version="1.0" ?><xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+  <file source-language="en" target-language="fr" datatype="plaintext" original="ng2.template">
     <body>
       <trans-unit id="login.messages.error.authentication.string" datatype="html">
         <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Failed to sign in!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check your credentials and try again. </source>
@@ -59,7 +59,7 @@
       </trans-unit>
       <trans-unit id="login.form.mfaCode.prompt.string" datatype="html">
         <source> Please enter the MFA code from your authenticator app </source>
-        <target>Veuillez entrer le code MFA de votre application d'authentification</target>
+        <target>Veuillez entrer le code MFA de votre application d&apos;authentification</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/login/login.component.html</context>
           <context context-type="linenumber">34</context>
@@ -106,8 +106,8 @@
         </context-group>
       </trans-unit>
       <trans-unit id="reset.request.messages.notfound.string" datatype="html">
-        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Email address isn't registered!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check and try again. </source>
-        <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>L'adresse e-mail n'est pas enregistrée !<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Veuillez vérifier et réessayer</target>
+        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Email address isn&apos;t registered!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check and try again. </source>
+        <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>L&apos;adresse e-mail n&apos;est pas enregistrée !<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Veuillez vérifier et réessayer</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-init.component.html</context>
           <context context-type="linenumber">7</context>
@@ -115,7 +115,7 @@
       </trans-unit>
       <trans-unit id="reset.request.messages.info.string" datatype="html">
         <source>Enter the email address you used to register.</source>
-        <target>Saisissez l'adresse e-mail que vous avez utilisée pour vous inscrire</target>
+        <target>Saisissez l&apos;adresse e-mail que vous avez utilisée pour vous inscrire</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-init.component.html</context>
           <context context-type="linenumber">11</context>
@@ -123,7 +123,7 @@
       </trans-unit>
       <trans-unit id="reset.request.messages.success.string" datatype="html">
         <source> Check your emails for details on how to reset your password. </source>
-        <target>Vérifiez vos e-mails pour plus d'informations sur la réinitialisation de votre mot de passe.</target>
+        <target>Vérifiez vos e-mails pour plus d&apos;informations sur la réinitialisation de votre mot de passe.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-init.component.html</context>
           <context context-type="linenumber">15</context>
@@ -139,7 +139,7 @@
       </trans-unit>
       <trans-unit id="global.messages.validate.email.invalid.string" datatype="html">
         <source> Your email is invalid. </source>
-        <target>Votre adresse e-mail n'est pas valide.</target>
+        <target>Votre adresse e-mail n&apos;est pas valide.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-init.component.html</context>
           <context context-type="linenumber">50</context>
@@ -187,7 +187,7 @@
       </trans-unit>
       <trans-unit id="password.messages.error.string" datatype="html">
         <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>An error has occurred!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> The password could not be changed. </source>
-        <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Une erreur s'est produite !<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Le mot de passe n'a pas pu être modifié.</target>
+        <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Une erreur s&apos;est produite !<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Le mot de passe n&apos;a pas pu être modifié.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password.component.html</context>
           <context context-type="linenumber">15</context>
@@ -478,8 +478,8 @@
         </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaExplain.string" datatype="html">
-        <source> Add extra security to your ORCID member portal account by enabling two-factor authentication. Each time you sign in, you'll be prompted to enter a six-digit code we send to your preferred authentication application. </source>
-        <target>Ajoutez une sécurité supplémentaire à votre compte du portail des membres ORCID en activant l'authentification à deux facteurs. Chaque fois que vous vous connecterez, vous serez invité à saisir un code à six chiffres que nous enverrons à votre application d'authentification préférée.</target>
+        <source> Add extra security to your ORCID member portal account by enabling two-factor authentication. Each time you sign in, you&apos;ll be prompted to enter a six-digit code we send to your preferred authentication application. </source>
+        <target>Ajoutez une sécurité supplémentaire à votre compte du portail des membres ORCID en activant l&apos;authentification à deux facteurs. Chaque fois que vous vous connecterez, vous serez invité à saisir un code à six chiffres que nous enverrons à votre application d&apos;authentification préférée.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
           <context context-type="linenumber">146</context>
@@ -492,6 +492,14 @@
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
           <context context-type="linenumber">151</context>
         </context-group>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">120</context>
+        </context-group>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">148</context>
+        </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaUpdated.string" datatype="html">
         <source>2FA settings updated</source>
@@ -503,7 +511,7 @@
       </trans-unit>
       <trans-unit id="settings.security.mfaQrCodeSteps.one.string" datatype="html">
         <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Install a two-factor authentication app<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/><x id="LINE_BREAK" ctype="lb" equiv-text="&lt;br /&gt;"/>A 2FA app is required to create the six-digit code you need to access your account each time you sign in. Most apps are for mobile devices; some are also available as desktop or web-based apps. Download and install your preferred 2FA app, such as <x id="START_LINK" ctype="x-a" equiv-text="&lt;a href=&quot;https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&quot; &gt;"/>Google Authenticator<x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a&gt;"/>, <x id="START_LINK_1" equiv-text="&lt;a href=&quot;https://freeotp.github.io/&quot;&gt;"/>FreeOTP<x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a&gt;"/> or <x id="START_LINK_2" equiv-text="&lt;a href=&quot;https://authy.com/&quot;&gt;"/>Authy<x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a&gt;"/>. </source>
-        <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Installer une application d'authentification à deux facteurs<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/><x id="LINE_BREAK" ctype="lb" equiv-text="&lt;br /&gt;"/>Une application A2F est nécessaire pour créer le code à six chiffres dont vous avez besoin pour accéder à votre compte à chaque fois que vous vous connectez. La plupart des applications sont destinées aux appareils mobiles ; certaines sont également disponibles en tant qu'applications de bureau ou web. Téléchargez et installez votre application A2F préférée, telle que <x id="START_LINK" ctype="x-a" equiv-text="&lt;a href=&quot;https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&quot; &gt;"/>Google Authenticator<x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a&gt;"/>, <x id="START_LINK_1" equiv-text="&lt;a href=&quot;https://freeotp.github.io/&quot;&gt;"/> FreeOTP<x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a&gt;"/> ou <x id="START_LINK_2" equiv-text="&lt;a href=&quot;https://authy.com/&quot;&gt;"/>Authy<x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a&gt;"/>.</target>
+        <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Installer une application d&apos;authentification à deux facteurs<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/><x id="LINE_BREAK" ctype="lb" equiv-text="&lt;br /&gt;"/>Une application A2F est nécessaire pour créer le code à six chiffres dont vous avez besoin pour accéder à votre compte à chaque fois que vous vous connectez. La plupart des applications sont destinées aux appareils mobiles ; certaines sont également disponibles en tant qu&apos;applications de bureau ou web. Téléchargez et installez votre application A2F préférée, telle que <x id="START_LINK" ctype="x-a" equiv-text="&lt;a href=&quot;https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&quot; &gt;"/>Google Authenticator<x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a&gt;"/>, <x id="START_LINK_1" equiv-text="&lt;a href=&quot;https://freeotp.github.io/&quot;&gt;"/> FreeOTP<x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a&gt;"/> ou <x id="START_LINK_2" equiv-text="&lt;a href=&quot;https://authy.com/&quot;&gt;"/>Authy<x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a&gt;"/>.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
           <context context-type="linenumber">167</context>
@@ -511,14 +519,14 @@
       </trans-unit>
       <trans-unit id="settings.security.mfaQrCodeSteps.two.string" datatype="html">
         <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Scan this QR code with your device<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/><x id="LINE_BREAK" ctype="lb" equiv-text="&lt;br /&gt;"/>Open your 2FA app and scan the image below. </source>
-        <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Scannez ce code QR avec votre appareil<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/><x id="LINE_BREAK" ctype="lb" equiv-text="&lt;br /&gt;"/>Ouvrez votre application A2F et scannez l'image ci-dessous.</target>
+        <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Scannez ce code QR avec votre appareil<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/><x id="LINE_BREAK" ctype="lb" equiv-text="&lt;br /&gt;"/>Ouvrez votre application A2F et scannez l&apos;image ci-dessous.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
           <context context-type="linenumber">176</context>
         </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaCannotScan.one.string" datatype="html">
-        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Can't scan the QR code?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></source>
+        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Can&apos;t scan the QR code?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></source>
         <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Vous ne pouvez pas scanner le code QR ?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
@@ -543,7 +551,7 @@
       </trans-unit>
       <trans-unit id="settings.security.mfaTextCodeSteps.one.string" datatype="html">
         <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Enter the six-digit code from the app<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/><x id="LINE_BREAK" ctype="lb" equiv-text="&lt;br /&gt;"/>After scanning the QR code or entering in the text code, your 2FA app will display a six-digit code. Enter this code in the box below and click Save. </source>
-        <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Saisissez le code à six chiffres dans l'application<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/><x id="LINE_BREAK" ctype="lb" equiv-text="&lt;br /&gt;"/>Après avoir scanné le code QR ou saisi le code texte, votre application A2F affiche un code à six chiffres. Saisissez ce code dans la case ci-dessous et cliquez sur Enregistrer.</target>
+        <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Saisissez le code à six chiffres dans l&apos;application<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/><x id="LINE_BREAK" ctype="lb" equiv-text="&lt;br /&gt;"/>Après avoir scanné le code QR ou saisi le code texte, votre application A2F affiche un code à six chiffres. Saisissez ce code dans la case ci-dessous et cliquez sur Enregistrer.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
           <context context-type="linenumber">208</context>
@@ -567,7 +575,7 @@
       </trans-unit>
       <trans-unit id="settings.security.backupCodes.string" datatype="html">
         <source> Make a note of the following backup codes, this is the only time they will be shown. </source>
-        <target>Notez les codes de sauvegarde suivants, c'est la seule fois qu'ils seront affichés.</target>
+        <target>Notez les codes de sauvegarde suivants, c&apos;est la seule fois qu&apos;ils seront affichés.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
           <context context-type="linenumber">231</context>
@@ -583,7 +591,7 @@
       </trans-unit>
       <trans-unit id="footer.termsOfUse.string" datatype="html">
         <source>Terms of Use</source>
-        <target>Conditions d'utilisation</target>
+        <target>Conditions d&apos;utilisation</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/layout/footer/footer.component.html</context>
           <context context-type="linenumber">16</context>
@@ -639,7 +647,7 @@
       </trans-unit>
       <trans-unit id="global.menu.report.integration.string" datatype="html">
         <source>Integration report</source>
-        <target>Rapport d'intégration</target>
+        <target>Rapport d&apos;intégration</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/layout/navbar/navbar.component.html</context>
           <context context-type="linenumber">77</context>
@@ -655,7 +663,7 @@
       </trans-unit>
       <trans-unit id="global.menu.report.affiliation.string" datatype="html">
         <source>Affiliation report</source>
-        <target>Rapport d'affiliation</target>
+        <target>Rapport d&apos;affiliation</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/layout/navbar/navbar.component.html</context>
           <context context-type="linenumber">101</context>
@@ -767,7 +775,7 @@
       </trans-unit>
       <trans-unit id="error.subtitle.string" datatype="html">
         <source> Sorry, an error has occurred </source>
-        <target>Désolé, une erreur s'est produite</target>
+        <target>Désolé, une erreur s&apos;est produite</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/error/error-alert.component.html</context>
           <context context-type="linenumber">5</context>
@@ -775,7 +783,7 @@
       </trans-unit>
       <trans-unit id="error.http.403.string" datatype="html">
         <source> You are not authorized to access this page. </source>
-        <target>Vous n'êtes pas autorisé à accéder à cette page.</target>
+        <target>Vous n&apos;êtes pas autorisé à accéder à cette page.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/error/error.component.html</context>
           <context context-type="linenumber">11</context>
@@ -783,7 +791,7 @@
       </trans-unit>
       <trans-unit id="error.http.404.string" datatype="html">
         <source>The page does not exist.</source>
-        <target>La page n'existe pas. </target>
+        <target>La page n&apos;existe pas. </target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/error/error.component.html</context>
           <context context-type="linenumber">14</context>
@@ -799,7 +807,7 @@
       </trans-unit>
       <trans-unit id="global.messages.info.authenticated.link.string" datatype="html">
         <source>sign in</source>
-        <target>s'identifier</target>
+        <target>s&apos;identifier</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-finish.component.html</context>
           <context context-type="linenumber">59</context>
@@ -814,8 +822,8 @@
         </context-group>
       </trans-unit>
       <trans-unit id="reset.finish.messages.error.string" datatype="html">
-        <source> Your password couldn't be reset. Remember a password request is only valid for 24 hours. </source>
-        <target>Votre mot de passe n'a pas pu être réinitialisé. N'oubliez pas qu'une demande de réinitialisation de mot de passe n'est valide que pendant 24 heures.</target>
+        <source> Your password couldn&apos;t be reset. Remember a password request is only valid for 24 hours. </source>
+        <target>Votre mot de passe n&apos;a pas pu être réinitialisé. N&apos;oubliez pas qu&apos;une demande de réinitialisation de mot de passe n&apos;est valide que pendant 24 heures.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-finish.component.html</context>
           <context context-type="linenumber">43</context>
@@ -831,7 +839,7 @@
       </trans-unit>
       <trans-unit id="reset.finish.messages.keyexpired.paragraph1.string" datatype="html">
         <source>ORCID Member Portal activation links are only valid for 24 hours. It looks like this link has expired.</source>
-        <target>Les liens d'activation du portail des membres d'ORCID sont uniquement valides pendant 24 heures. Ce lien semble avoir expiré.</target>
+        <target>Les liens d&apos;activation du portail des membres d&apos;ORCID sont uniquement valides pendant 24 heures. Ce lien semble avoir expiré.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-finish.component.html</context>
           <context context-type="linenumber">20</context>
@@ -839,7 +847,7 @@
       </trans-unit>
       <trans-unit id="reset.finish.messages.keyexpired.paragraph2.string" datatype="html">
         <source>To make sure you can activate your Member Portal account we have sent a new activation link to your registered email address.</source>
-        <target>Pour que vous puissiez activer votre compte du portail des membres, nous avons envoyé un nouveau lien d'activation à votre adresse e-mail enregistrée.</target>
+        <target>Pour que vous puissiez activer votre compte du portail des membres, nous avons envoyé un nouveau lien d&apos;activation à votre adresse e-mail enregistrée.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-finish.component.html</context>
           <context context-type="linenumber">26</context>
@@ -847,7 +855,7 @@
       </trans-unit>
       <trans-unit id="reset.finish.messages.keyexpired.paragraph3.string" datatype="html">
         <source>If you are still having problems activating your account or have not received your new activation link please contact us at membership@orcid.org.</source>
-        <target>Si vous rencontrez encore des problèmes pour activer votre compte ou que vous n'avez pas reçu votre lien d'activation, contactez notre équipe d'assistance à l'adresse membership@orcid.org.</target>
+        <target>Si vous rencontrez encore des problèmes pour activer votre compte ou que vous n&apos;avez pas reçu votre lien d&apos;activation, contactez notre équipe d&apos;assistance à l&apos;adresse membership@orcid.org.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-finish.component.html</context>
           <context context-type="linenumber">32</context>
@@ -855,7 +863,7 @@
       </trans-unit>
       <trans-unit id="reset.finish.messages.keyexpired.string" datatype="html">
         <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>This activation has expired.<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></source>
-        <target>La clé d'activation est expirée.</target>
+        <target>La clé d&apos;activation est expirée.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-finish.component.html</context>
           <context context-type="linenumber">15</context>
@@ -863,7 +871,7 @@
       </trans-unit>
       <trans-unit id="reset.finish.messages.keyinvalid.string" datatype="html">
         <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>This activation key is invalid.<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></source>
-        <target>La clé d'activation est invalide.</target>
+        <target>La clé d&apos;activation est invalide.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-finish.component.html</context>
           <context context-type="linenumber">11</context>
@@ -871,7 +879,7 @@
       </trans-unit>
       <trans-unit id="reset.finish.messages.keymissing.string" datatype="html">
         <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>The activation key is missing.<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></source>
-        <target>La clé d'activation est manquante.</target>
+        <target>La clé d&apos;activation est manquante.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-finish.component.html</context>
           <context context-type="linenumber">7</context>
@@ -903,14 +911,14 @@
       </trans-unit>
       <trans-unit id="entity.action.activate.string" datatype="html">
         <source>Resend activation email</source>
-        <target>Renvoyer l'e-mail d'activation</target>
+        <target>Renvoyer l&apos;e-mail d&apos;activation</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-detail.component.html</context>
           <context context-type="linenumber">107</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">150</context>
+          <context context-type="linenumber">195</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/users.component.html</context>
@@ -970,7 +978,7 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">120</context>
+          <context context-type="linenumber">165</context>
         </context-group>
       </trans-unit>
       <trans-unit id="entity.action.delete.string" datatype="html">
@@ -1034,11 +1042,11 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">131</context>
+          <context context-type="linenumber">176</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">141</context>
+          <context context-type="linenumber">186</context>
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.activated.string" datatype="html">
@@ -1067,7 +1075,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.detail.title.string" datatype="html">
         <source>User details</source>
-        <target>Détails de l'utilisateur</target>
+        <target>Détails de l&apos;utilisateur</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-detail.component.html</context>
           <context context-type="linenumber">4</context>
@@ -1187,7 +1195,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.mainContact.string" datatype="html">
         <source>Organization owner</source>
-        <target>Propriétaire de l'organisation</target>
+        <target>Propriétaire de l&apos;organisation</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-detail.component.html</context>
           <context context-type="linenumber">21</context>
@@ -1218,8 +1226,8 @@
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.sendActivate.error.string" datatype="html">
-        <source>Invite email couldn't be sent.</source>
-        <target>L'e-mail d'invitation n'a pas pu être envoyé.</target>
+        <source>Invite email couldn&apos;t be sent.</source>
+        <target>L&apos;e-mail d&apos;invitation n&apos;a pas pu être envoyé.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/shared/pipe/localize.ts</context>
           <context context-type="linenumber">13</context>
@@ -1323,15 +1331,15 @@
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.changeOwnership.question.string" datatype="html">
         <source>Are you sure you want to transfer ownership? You are about to transfer ownership of this organization account. If you are the organization owner after transferring ownership, you will no longer have access to administrative functions, such as managing users.</source>
-        <target>Êtes-vous sûr(e) de vouloir transférer la propriété ? Vous êtes sur le point de transférer la propriété de ce compte d'organisation. Si vous êtes le propriétaire de l'organisation après le transfert de propriété, vous n'aurez plus accès aux fonctions d'administrateur, telles que la gestion des utilisateurs.</target>
+        <target>Êtes-vous sûr(e) de vouloir transférer la propriété ? Vous êtes sur le point de transférer la propriété de ce compte d&apos;organisation. Si vous êtes le propriétaire de l&apos;organisation après le transfert de propriété, vous n&apos;aurez plus accès aux fonctions d&apos;administrateur, telles que la gestion des utilisateurs.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.ts</context>
-          <context context-type="linenumber">226</context>
+          <context context-type="linenumber">230</context>
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.delete.question.string" datatype="html">
         <source>Are you sure you want to delete user <x id="PH" equiv-text="this.user?.email"/>?</source>
-        <target>Êtes-vous sûr(e) de vouloir supprimer l'utilisateur <x id="PH" equiv-text="this.user?.email"/> ?</target>
+        <target>Êtes-vous sûr(e) de vouloir supprimer l&apos;utilisateur <x id="PH" equiv-text="this.user?.email"/> ?</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-delete.component.ts</context>
           <context context-type="linenumber">44</context>
@@ -1355,7 +1363,7 @@
       </trans-unit>
       <trans-unit id="userServiceApp.user.deleted.string" datatype="html">
         <source>User deleted successfully</source>
-        <target>L'utilisateur a bien été supprimé</target>
+        <target>L&apos;utilisateur a bien été supprimé</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/shared/pipe/localize.ts</context>
           <context context-type="linenumber">19</context>
@@ -1391,7 +1399,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.import.errors.label.string" datatype="html">
         <source> Oops! There was a problem processing your data. Pleases fix the errors below and try again </source>
-        <target>Oups ! Une erreur s'est produite dans le traitement de vos données. Veuillez corriger les erreurs ci-dessous et réessayer</target>
+        <target>Oups ! Une erreur s&apos;est produite dans le traitement de vos données. Veuillez corriger les erreurs ci-dessous et réessayer</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-import-dialog.component.html</context>
           <context context-type="linenumber">16</context>
@@ -1431,7 +1439,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.affiliationData.string" datatype="html">
         <source>Affiliation Data</source>
-        <target>Données d'affiliation</target>
+        <target>Données d&apos;affiliation</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliations.component.html</context>
           <context context-type="linenumber">143</context>
@@ -1455,7 +1463,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.email.string" datatype="html">
         <source>Email</source>
-        <target>Adresse e-mail de l'utilisateur</target>
+        <target>Adresse e-mail de l&apos;utilisateur</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-detail.component.html</context>
           <context context-type="linenumber">13</context>
@@ -1479,7 +1487,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.home.forHelpTroubleshooting.string" datatype="html">
         <source> For help troubleshooting, please contact the Member Portal Team and copy/paste or include a screenshot of the error message below. </source>
-        <target>Pour obtenir de l'aide en cas de problème, veuillez contacter l'équipe du portail des membres et copier-coller ci-dessous le message d'erreur ou en joindre une capture d'écran.</target>
+        <target>Pour obtenir de l&apos;aide en cas de problème, veuillez contacter l&apos;équipe du portail des membres et copier-coller ci-dessous le message d&apos;erreur ou en joindre une capture d&apos;écran.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliations.component.html</context>
           <context context-type="linenumber">203</context>
@@ -1503,7 +1511,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.home.permissionNotificationsLabel.string" datatype="html">
         <source> Send permission notifications </source>
-        <target>Envoyer des notifications d'autorisation</target>
+        <target>Envoyer des notifications d&apos;autorisation</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliations.component.html</context>
           <context context-type="linenumber">11</context>
@@ -1519,7 +1527,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.home.uploadLabel.string" datatype="html">
         <source> Import affiliations from CSV </source>
-        <target>Importer des affiliations à partir d'un CSV</target>
+        <target>Importer des affiliations à partir d&apos;un CSV</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliations.component.html</context>
           <context context-type="linenumber">51</context>
@@ -1547,7 +1555,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.reports.affiliationsForEdit.confirmation.string" datatype="html">
         <source> Your affiliations for edit file will be mailed to you shortly. If you do not receive your file then please contact us at membership@orcid.org. </source>
-        <target>Vos affiliations pour le fichier d'édition vous seront envoyées sous peu. Si vous ne recevez pas votre fichier, veuillez nous contacter à membership@orcid.org.</target>
+        <target>Vos affiliations pour le fichier d&apos;édition vous seront envoyées sous peu. Si vous ne recevez pas votre fichier, veuillez nous contacter à membership@orcid.org.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliations.component.html</context>
           <context context-type="linenumber">73</context>
@@ -1555,7 +1563,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.reports.affiliationsReport.button.string" datatype="html">
         <source> Request affiliation status report </source>
-        <target>Demander un rapport sur l'état de l'affiliation</target>
+        <target>Demander un rapport sur l&apos;état de l&apos;affiliation</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliations.component.html</context>
           <context context-type="linenumber">31</context>
@@ -1563,7 +1571,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.reports.affiliationsReport.confirmation.string" datatype="html">
         <source> Your affiliation status report file will be mailed to you shortly. If you do not receive your file then please contact us at membership@orcid.org. </source>
-        <target>Votre fichier de rapport d'état d'affiliation vous sera envoyé sous peu. Si vous ne recevez pas votre fichier, veuillez nous contacter à membership@orcid.org.</target>
+        <target>Votre fichier de rapport d&apos;état d&apos;affiliation vous sera envoyé sous peu. Si vous ne recevez pas votre fichier, veuillez nous contacter à membership@orcid.org.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliations.component.html</context>
           <context context-type="linenumber">82</context>
@@ -1571,7 +1579,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.reports.links.button.string" datatype="html">
         <source> Request permission links </source>
-        <target>Demander des liens d'autorisation</target>
+        <target>Demander des liens d&apos;autorisation</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliations.component.html</context>
           <context context-type="linenumber">21</context>
@@ -1579,7 +1587,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.reports.links.confirmation.string" datatype="html">
         <source> Your permission links file will be mailed to you shortly. If you do not receive your file then please contact us at membership@orcid.org. </source>
-        <target>Votre fichier de liens d'autorisation vous sera envoyé sous peu. Si vous ne recevez pas votre fichier, veuillez nous contacter à membership@orcid.org.</target>
+        <target>Votre fichier de liens d&apos;autorisation vous sera envoyé sous peu. Si vous ne recevez pas votre fichier, veuillez nous contacter à membership@orcid.org.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliations.component.html</context>
           <context context-type="linenumber">91</context>
@@ -1599,7 +1607,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionStatus.errorAddingToOrcid.string" datatype="html">
         <source>Error adding to ORCID</source>
-        <target>Erreur lors de l'ajout à ORCID</target>
+        <target>Erreur lors de l&apos;ajout à ORCID</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/shared/pipe/localize.ts</context>
           <context context-type="linenumber">50</context>
@@ -1663,7 +1671,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionStatus.pendingRetryInOrcid.string" datatype="html">
         <source>Pending retry in ORCID</source>
-        <target>En attente d'une nouvelle tentative dans ORCID</target>
+        <target>En attente d&apos;une nouvelle tentative dans ORCID</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/shared/pipe/localize.ts</context>
           <context context-type="linenumber">54</context>
@@ -1679,7 +1687,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionStatus.userDeletedFromOrcid.string" datatype="html">
         <source>User deleted from ORCID</source>
-        <target>Suppression d'ORCID par l'utilisateur</target>
+        <target>Suppression d&apos;ORCID par l&apos;utilisateur</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/shared/pipe/localize.ts</context>
           <context context-type="linenumber">46</context>
@@ -1687,7 +1695,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionStatus.userDeniedAccess.string" datatype="html">
         <source>User denied access</source>
-        <target>L'utilisateur a refusé l'accès</target>
+        <target>L&apos;utilisateur a refusé l&apos;accès</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/shared/pipe/localize.ts</context>
           <context context-type="linenumber">38</context>
@@ -1695,7 +1703,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionStatus.userGrantedAccess.string" datatype="html">
         <source>User granted access</source>
-        <target>L'utilisateur a accordé l'accès</target>
+        <target>L&apos;utilisateur a accordé l&apos;accès</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/shared/pipe/localize.ts</context>
           <context context-type="linenumber">44</context>
@@ -1703,7 +1711,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionStatus.userRevokedAccess.string" datatype="html">
         <source>User revoked access</source>
-        <target>L'utilisateur a revoqué l'accès</target>
+        <target>L&apos;utilisateur a revoqué l&apos;accès</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/shared/pipe/localize.ts</context>
           <context context-type="linenumber">48</context>
@@ -2055,7 +2063,7 @@
       </trans-unit>
       <trans-unit id="country.CI.string" datatype="html">
         <source>Côte d’Ivoire</source>
-        <target>Côte d'Ivoire</target>
+        <target>Côte d&apos;Ivoire</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/shared/pipe/localize.ts</context>
           <context context-type="linenumber">201</context>
@@ -2551,7 +2559,7 @@
       </trans-unit>
       <trans-unit id="country.IO.string" datatype="html">
         <source>British Indian Ocean Territory</source>
-        <target>Territoire britannique de l'océan Indien</target>
+        <target>Territoire britannique de l&apos;océan Indien</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/shared/pipe/localize.ts</context>
           <context context-type="linenumber">325</context>
@@ -3783,7 +3791,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.adminId.string" datatype="html">
         <source>Admin Id</source>
-        <target>Identifiant de l'administrateur</target>
+        <target>Identifiant de l&apos;administrateur</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-detail.component.html</context>
           <context context-type="linenumber">144</context>
@@ -3791,7 +3799,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.affiliationSection.string" datatype="html">
         <source> Affiliation Section </source>
-        <target>Type d'affiliation</target>
+        <target>Type d&apos;affiliation</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-detail.component.html</context>
           <context context-type="linenumber">49</context>
@@ -3847,7 +3855,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.detail.title.string" datatype="html">
         <source>Affiliation details</source>
-        <target>Détails de l'affiliation</target>
+        <target>Détails de l&apos;affiliation</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-detail.component.html</context>
           <context context-type="linenumber">4</context>
@@ -3955,7 +3963,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.permissionLink.string" datatype="html">
         <source> Permission link </source>
-        <target>Lien de l'autorisation</target>
+        <target>Lien de l&apos;autorisation</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-detail.component.html</context>
           <context context-type="linenumber">25</context>
@@ -3991,7 +3999,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.uploadNote.string" datatype="html">
         <source>Please do not forget to download and send permission links to your researchers once the upload has completed.</source>
-        <target>Remarque : veuillez penser à télécharger et envoyer les liens d'autorisation à vos chercheurs une fois que le téléchargement sera terminé.</target>
+        <target>Remarque : veuillez penser à télécharger et envoyer les liens d&apos;autorisation à vos chercheurs une fois que le téléchargement sera terminé.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-import-dialog.component.html</context>
           <context context-type="linenumber">55</context>
@@ -4107,7 +4115,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.import.emptyFile.string" datatype="html">
         <source>There is no file to upload. Please select one.</source>
-        <target>Il n'y a aucun fichier à transférer. Veuillez en sélectionner un.</target>
+        <target>Il n&apos;y a aucun fichier à transférer. Veuillez en sélectionner un.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-import-dialog.component.ts</context>
           <context context-type="linenumber">60</context>
@@ -4123,7 +4131,7 @@
       </trans-unit>
       <trans-unit id="entity.validation.disambiguatedOrgId.string" datatype="html">
         <source> This field is required. GRID Organization ID should start with &quot;grid.&quot;, RINGGOLD Organization ID should be a number, ROR IDs must be 9 characters, beginning with 0 </source>
-        <target>Ce champ est obligatoire. L'identifiant d'organisation GRID doit commencer par « grid » (par ex., grid.12344) ou doit être une URL GRID valide. L'identifiant d'organisation RINGGOLD doit être un numéro.</target>
+        <target>Ce champ est obligatoire. L&apos;identifiant d&apos;organisation GRID doit commencer par « grid » (par ex., grid.12344) ou doit être une URL GRID valide. L&apos;identifiant d&apos;organisation RINGGOLD doit être un numéro.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-update.component.html</context>
           <context context-type="linenumber">230</context>
@@ -4215,7 +4223,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.disambiguatedOrgId.string" datatype="html">
         <source>Organization ID</source>
-        <target>Identifiant de l'organisation</target>
+        <target>Identifiant de l&apos;organisation</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-update.component.html</context>
           <context context-type="linenumber">208</context>
@@ -4223,7 +4231,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.disambiguationSource.string" datatype="html">
         <source>Organization ID Source</source>
-        <target>Source de l'identifiant de l'organisation</target>
+        <target>Source de l&apos;identifiant de l&apos;organisation</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-update.component.html</context>
           <context context-type="linenumber">176</context>
@@ -4247,7 +4255,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.endYear.string" datatype="html">
         <source>End Year</source>
-        <target>De fin d'année</target>
+        <target>De fin d&apos;année</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-update.component.html</context>
           <context context-type="linenumber">350</context>
@@ -4255,7 +4263,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.externalIdType.string" datatype="html">
         <source>External Id Type</source>
-        <target>Type d'identifiant externe</target>
+        <target>Type d&apos;identifiant externe</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-update.component.html</context>
           <context context-type="linenumber">406</context>
@@ -4263,7 +4271,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.externalIdUrl.string" datatype="html">
         <source>External Id Url</source>
-        <target>URL d'identifiant externe</target>
+        <target>URL d&apos;identifiant externe</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-update.component.html</context>
           <context context-type="linenumber">436</context>
@@ -4307,7 +4315,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.orgName.string" datatype="html">
         <source>Organization Name</source>
-        <target>Nom de l'organisation</target>
+        <target>Nom de l&apos;organisation</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-update.component.html</context>
           <context context-type="linenumber">75</context>
@@ -4347,7 +4355,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.updateNote.string" datatype="html">
         <source>Please do not forget to download and send permission links to your researcher once the assertion has been saved.</source>
-        <target>Remarque : veuillez penser à télécharger et envoyer les liens d'autorisation à votre chercheur une fois que l'assertion aura été enregistrée.</target>
+        <target>Remarque : veuillez penser à télécharger et envoyer les liens d&apos;autorisation à votre chercheur une fois que l&apos;assertion aura été enregistrée.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-update.component.html</context>
           <context context-type="linenumber">452</context>
@@ -4383,7 +4391,7 @@
       </trans-unit>
       <trans-unit id="assertionServiceApp.affiliation.problemDeleting.string" datatype="html">
         <source>There was a problem deleting the affiliation</source>
-        <target>Il y a eu un problème lors de la suppression de l'affiliation</target>
+        <target>Il y a eu un problème lors de la suppression de l&apos;affiliation</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/shared/pipe/localize.ts</context>
           <context context-type="linenumber">33</context>
@@ -4406,8 +4414,8 @@
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.delete.fromPortalAndRegistry.string" datatype="html">
-        <source>Are you sure you want to delete this affiliation for <x id="PH" equiv-text="this.affiliation?.email"/>? The affiliation will be deleted from the portal and the user's ORCID record.</source>
-        <target>Voulez-vous vraiment supprimer cette affiliation pour <x id="PH" equiv-text="this.affiliation?.email"/>? L'affiliation sera supprimée du portail et du dossier ORCID de l'utilisateur.</target>
+        <source>Are you sure you want to delete this affiliation for <x id="PH" equiv-text="this.affiliation?.email"/>? The affiliation will be deleted from the portal and the user&apos;s ORCID record.</source>
+        <target>Voulez-vous vraiment supprimer cette affiliation pour <x id="PH" equiv-text="this.affiliation?.email"/>? L&apos;affiliation sera supprimée du portail et du dossier ORCID de l&apos;utilisateur.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-delete.component.ts</context>
           <context context-type="linenumber">40</context>
@@ -4423,7 +4431,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.notifications.description.string" datatype="html">
         <source> Are you sure that you would like ORCID to send permission links to your researchers for the affiliations that are pending? </source>
-        <target>Des notifications d'autorisation seront envoyées à tous vos chercheurs ayant un élément d'affiliation avec comme statut « En attente ».</target>
+        <target>Des notifications d&apos;autorisation seront envoyées à tous vos chercheurs ayant un élément d&apos;affiliation avec comme statut « En attente ».</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/send-notifications-dialog.component.html</context>
           <context context-type="linenumber">16</context>
@@ -4463,7 +4471,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.notifications.title.string" datatype="html">
         <source> Send permission notifications </source>
-        <target>Envoyer des notifications d'autorisation</target>
+        <target>Envoyer des notifications d&apos;autorisation</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/send-notifications-dialog.component.html</context>
           <context context-type="linenumber">3</context>
@@ -4507,7 +4515,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSMember.clientId.note.string" datatype="html">
         <source>Note: Client ID must have member OBO enabled AND</source>
-        <target>Note : l'ID client doit avoir l'OBO membre activé ET</target>
+        <target>Note : l&apos;ID client doit avoir l&apos;OBO membre activé ET</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/member/member-update.component.html</context>
           <context context-type="linenumber">121</context>
@@ -4663,7 +4671,7 @@
       </trans-unit>
       <trans-unit id="landingPage.connectionExists.differentUser.string" datatype="html">
         <source>This authorization link has already been used. Please contact <x id="PH" equiv-text="this.clientName"/> for a new authorization link.</source>
-        <target>Ce lien d'autorisation a déjà été utilisé. Veuillez contacter <x id="PH" equiv-text="this.clientName"/> pour obtenir un nouveau lien d'autorisation.</target>
+        <target>Ce lien d&apos;autorisation a déjà été utilisé. Veuillez contacter <x id="PH" equiv-text="this.clientName"/> pour obtenir un nouveau lien d&apos;autorisation.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/landing-page/landing-page.component.ts</context>
           <context context-type="linenumber">79</context>
@@ -4695,7 +4703,7 @@
       </trans-unit>
       <trans-unit id="landingPage.denied.ifThisWas.string" datatype="html">
         <source> If this was a mistake, click the button below to grant access. </source>
-        <target>Si c'est une erreur, cliquez sur le bouton ci-dessous pour autoriser l'accès.</target>
+        <target>Si c&apos;est une erreur, cliquez sur le bouton ci-dessous pour autoriser l&apos;accès.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/landing-page/landing-page.component.html</context>
           <context context-type="linenumber">45</context>
@@ -4711,7 +4719,7 @@
       </trans-unit>
       <trans-unit id="landingPage.denied.youHaveDenied.string" datatype="html">
         <source>Oops, you have denied access.</source>
-        <target>Oups, vous avez refusé l'accès.</target>
+        <target>Oups, vous avez refusé l&apos;accès.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/landing-page/landing-page.component.html</context>
           <context context-type="linenumber">39</context>
@@ -4719,7 +4727,7 @@
       </trans-unit>
       <trans-unit id="landingPage.error.somethingWentWrong.string" datatype="html">
         <source> Oops, something went wrong and we were not able to fetch your ORCID iD </source>
-        <target>Oups, une erreur s'est produite, et nous n'avons pas été mesure de récupérer votre identifiant ORCID.</target>
+        <target>Oups, une erreur s&apos;est produite, et nous n&apos;avons pas été mesure de récupérer votre identifiant ORCID.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/landing-page/landing-page.component.html</context>
           <context context-type="linenumber">33</context>
@@ -4743,7 +4751,7 @@
       </trans-unit>
       <trans-unit id="landingPage.success.youHaveSuccessfully.string" datatype="html">
         <source>You have successfully granted <x id="PH" equiv-text="this.clientName"/> permission to update your ORCID record, and your record has been updated with affiliation information.</source>
-        <target>Vous avez accordé avec succès à <x id="PH" equiv-text="this.clientName"/> l'autorisation de mettre à jour votre dossier ORCID, et votre dossier a été mis à jour avec les données d'affiliation.</target>
+        <target>Vous avez accordé avec succès à <x id="PH" equiv-text="this.clientName"/> l&apos;autorisation de mettre à jour votre dossier ORCID, et votre dossier a été mis à jour avec les données d&apos;affiliation.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/landing-page/landing-page.component.ts</context>
           <context context-type="linenumber">81</context>
@@ -4767,7 +4775,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSMember.import.errors.label.string" datatype="html">
         <source> Oops! There was a problem processing your data. Pleases fix the errors below and try again </source>
-        <target>Oups ! Une erreur s'est produite dans le traitement de vos données. Veuillez corriger les erreurs ci-dessous et réessayer</target>
+        <target>Oups ! Une erreur s&apos;est produite dans le traitement de vos données. Veuillez corriger les erreurs ci-dessous et réessayer</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/member/member-import-dialog.component.html</context>
           <context context-type="linenumber">16</context>
@@ -4775,7 +4783,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSMember.import.filePath.string" datatype="html">
         <source>File Path</source>
-        <target>Chemin d'accès au fichier</target>
+        <target>Chemin d&apos;accès au fichier</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/member/member-import-dialog.component.html</context>
           <context context-type="linenumber">40</context>
@@ -4812,6 +4820,38 @@
           <context context-type="linenumber">66</context>
         </context-group>
       </trans-unit>
+      <trans-unit id="settings.security.mfaOn.string" datatype="html">
+        <source>ON</source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">123</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.mfaOff.string" datatype="html">
+        <source>OFF</source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">126</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.disableMfaDescription.string" datatype="html">
+        <source> Disable two-factor authentication (2FA) for this user if they are having difficulty signing in to the member portal. </source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">131</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.disabledMfaNotice.string" datatype="html">
+        <source> Users can enable 2FA from their account settings page </source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">155</context>
+        </context-group>
+      </trans-unit>
     </body>
   </file>
 </xliff>
\ No newline at end of file
diff --git a/ui/src/i18n/messages.it.xlf b/ui/src/i18n/messages.it.xlf
index 077d3d69d..ed4d92463 100644
--- a/ui/src/i18n/messages.it.xlf
+++ b/ui/src/i18n/messages.it.xlf
@@ -1,5 +1,5 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
-  <file source-language="en" datatype="plaintext" original="ng2.template" target-language="it">
+<?xml version="1.0" ?><xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+  <file source-language="en" target-language="it" datatype="plaintext" original="ng2.template">
     <body>
       <trans-unit id="login.messages.error.authentication.string" datatype="html">
         <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Failed to sign in!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check your credentials and try again. </source>
@@ -106,8 +106,8 @@
         </context-group>
       </trans-unit>
       <trans-unit id="reset.request.messages.notfound.string" datatype="html">
-        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Email address isn't registered!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check and try again. </source>
-        <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>L'indirizzo e-mail non è registrato!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Controlla e riprova</target>
+        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Email address isn&apos;t registered!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check and try again. </source>
+        <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>L&apos;indirizzo e-mail non è registrato!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Controlla e riprova</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-init.component.html</context>
           <context context-type="linenumber">7</context>
@@ -115,7 +115,7 @@
       </trans-unit>
       <trans-unit id="reset.request.messages.info.string" datatype="html">
         <source>Enter the email address you used to register.</source>
-        <target>Inserisci l'indirizzo e-mail che hai usato per registrarti </target>
+        <target>Inserisci l&apos;indirizzo e-mail che hai usato per registrarti </target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-init.component.html</context>
           <context context-type="linenumber">11</context>
@@ -478,8 +478,8 @@
         </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaExplain.string" datatype="html">
-        <source> Add extra security to your ORCID member portal account by enabling two-factor authentication. Each time you sign in, you'll be prompted to enter a six-digit code we send to your preferred authentication application. </source>
-        <target>Aggiungi ulteriore sicurezza al tuo account del portale membri ORCID abilitando l'autenticazione a due fattori. Ogni volta che accedi, ti verrà chiesto di inserire un codice a sei cifre che verrà inviato all'applicazione di autenticazione preferita.</target>
+        <source> Add extra security to your ORCID member portal account by enabling two-factor authentication. Each time you sign in, you&apos;ll be prompted to enter a six-digit code we send to your preferred authentication application. </source>
+        <target>Aggiungi ulteriore sicurezza al tuo account del portale membri ORCID abilitando l&apos;autenticazione a due fattori. Ogni volta che accedi, ti verrà chiesto di inserire un codice a sei cifre che verrà inviato all&apos;applicazione di autenticazione preferita.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
           <context context-type="linenumber">146</context>
@@ -492,6 +492,14 @@
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
           <context context-type="linenumber">151</context>
         </context-group>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">120</context>
+        </context-group>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">148</context>
+        </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaUpdated.string" datatype="html">
         <source>2FA settings updated</source>
@@ -503,7 +511,7 @@
       </trans-unit>
       <trans-unit id="settings.security.mfaQrCodeSteps.one.string" datatype="html">
         <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Install a two-factor authentication app<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/><x id="LINE_BREAK" ctype="lb" equiv-text="&lt;br /&gt;"/>A 2FA app is required to create the six-digit code you need to access your account each time you sign in. Most apps are for mobile devices; some are also available as desktop or web-based apps. Download and install your preferred 2FA app, such as <x id="START_LINK" ctype="x-a" equiv-text="&lt;a href=&quot;https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&quot; &gt;"/>Google Authenticator<x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a&gt;"/>, <x id="START_LINK_1" equiv-text="&lt;a href=&quot;https://freeotp.github.io/&quot;&gt;"/>FreeOTP<x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a&gt;"/> or <x id="START_LINK_2" equiv-text="&lt;a href=&quot;https://authy.com/&quot;&gt;"/>Authy<x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a&gt;"/>. </source>
-        <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Installa un'app di autenticazione a due fattori<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/><x id="LINE_BREAK" ctype="lb" equiv-text="&lt;br /&gt;"/>È necessaria un'app 2FA per creare il codice a sei cifre necessario per aprire il tuo account ogni volta che effettui l'accesso. La maggior parte di queste app sono per dispositivi mobili, ma alcune di esse sono disponibili anche come applicazione per desktop o web app. Scarica e installa la tua app 2FA preferita, come <x id="START_LINK" ctype="x-a" equiv-text="&lt;a href=&quot;https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&quot; &gt;"/>Google Authenticator<x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a&gt;"/>, <x id="START_LINK_1" equiv-text="&lt;a href=&quot;https://freeotp.github.io/&quot;&gt;"/> FreeOTP<x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a&gt;"/> o <x id="START_LINK_2" equiv-text="&lt;a href=&quot;https://authy.com/&quot;&gt;"/>Authy<x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a&gt;"/>.</target>
+        <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Installa un&apos;app di autenticazione a due fattori<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/><x id="LINE_BREAK" ctype="lb" equiv-text="&lt;br /&gt;"/>È necessaria un&apos;app 2FA per creare il codice a sei cifre necessario per aprire il tuo account ogni volta che effettui l&apos;accesso. La maggior parte di queste app sono per dispositivi mobili, ma alcune di esse sono disponibili anche come applicazione per desktop o web app. Scarica e installa la tua app 2FA preferita, come <x id="START_LINK" ctype="x-a" equiv-text="&lt;a href=&quot;https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&quot; &gt;"/>Google Authenticator<x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a&gt;"/>, <x id="START_LINK_1" equiv-text="&lt;a href=&quot;https://freeotp.github.io/&quot;&gt;"/> FreeOTP<x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a&gt;"/> o <x id="START_LINK_2" equiv-text="&lt;a href=&quot;https://authy.com/&quot;&gt;"/>Authy<x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a&gt;"/>.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
           <context context-type="linenumber">167</context>
@@ -511,14 +519,14 @@
       </trans-unit>
       <trans-unit id="settings.security.mfaQrCodeSteps.two.string" datatype="html">
         <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Scan this QR code with your device<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/><x id="LINE_BREAK" ctype="lb" equiv-text="&lt;br /&gt;"/>Open your 2FA app and scan the image below. </source>
-        <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Scansiona questo codice QR con il tuo dispositivo<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/><x id="LINE_BREAK" ctype="lb" equiv-text="&lt;br /&gt;"/>Apri la tua app 2FA e scansiona l'immagine qui sotto.</target>
+        <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Scansiona questo codice QR con il tuo dispositivo<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/><x id="LINE_BREAK" ctype="lb" equiv-text="&lt;br /&gt;"/>Apri la tua app 2FA e scansiona l&apos;immagine qui sotto.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
           <context context-type="linenumber">176</context>
         </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaCannotScan.one.string" datatype="html">
-        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Can't scan the QR code?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></source>
+        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Can&apos;t scan the QR code?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></source>
         <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Non riesci a scansionare il codice QR?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
@@ -543,7 +551,7 @@
       </trans-unit>
       <trans-unit id="settings.security.mfaTextCodeSteps.one.string" datatype="html">
         <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Enter the six-digit code from the app<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/><x id="LINE_BREAK" ctype="lb" equiv-text="&lt;br /&gt;"/>After scanning the QR code or entering in the text code, your 2FA app will display a six-digit code. Enter this code in the box below and click Save. </source>
-        <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Inserisci il codice a sei cifre fornito dalla app<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/><x id="LINE_BREAK" ctype="lb" equiv-text="&lt;br /&gt;"/>Dopo aver scansionato il codice QR o inserito il codice di testo, l'app 2FA visualizzerà un codice a sei cifre. Inserisci questo codice nella casella sottostante e fai clic su Salva.</target>
+        <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Inserisci il codice a sei cifre fornito dalla app<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/><x id="LINE_BREAK" ctype="lb" equiv-text="&lt;br /&gt;"/>Dopo aver scansionato il codice QR o inserito il codice di testo, l&apos;app 2FA visualizzerà un codice a sei cifre. Inserisci questo codice nella casella sottostante e fai clic su Salva.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
           <context context-type="linenumber">208</context>
@@ -567,7 +575,7 @@
       </trans-unit>
       <trans-unit id="settings.security.backupCodes.string" datatype="html">
         <source> Make a note of the following backup codes, this is the only time they will be shown. </source>
-        <target>Annota i seguenti codici di backup, questa è l'unica volta in cui verranno mostrati.</target>
+        <target>Annota i seguenti codici di backup, questa è l&apos;unica volta in cui verranno mostrati.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
           <context context-type="linenumber">231</context>
@@ -814,7 +822,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="reset.finish.messages.error.string" datatype="html">
-        <source> Your password couldn't be reset. Remember a password request is only valid for 24 hours. </source>
+        <source> Your password couldn&apos;t be reset. Remember a password request is only valid for 24 hours. </source>
         <target>Impossibile ripristinare la tua password. Ti ricordiamo che la richiesta della password è valida solo per 24 ore.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-finish.component.html</context>
@@ -903,14 +911,14 @@
       </trans-unit>
       <trans-unit id="entity.action.activate.string" datatype="html">
         <source>Resend activation email</source>
-        <target>Invia nuovamente l'email di attivazione</target>
+        <target>Invia nuovamente l&apos;email di attivazione</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-detail.component.html</context>
           <context context-type="linenumber">107</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">150</context>
+          <context context-type="linenumber">195</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/users.component.html</context>
@@ -970,7 +978,7 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">120</context>
+          <context context-type="linenumber">165</context>
         </context-group>
       </trans-unit>
       <trans-unit id="entity.action.delete.string" datatype="html">
@@ -1034,11 +1042,11 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">131</context>
+          <context context-type="linenumber">176</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">141</context>
+          <context context-type="linenumber">186</context>
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.activated.string" datatype="html">
@@ -1067,7 +1075,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.detail.title.string" datatype="html">
         <source>User details</source>
-        <target>Dettagli dell'utente</target>
+        <target>Dettagli dell&apos;utente</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-detail.component.html</context>
           <context context-type="linenumber">4</context>
@@ -1187,7 +1195,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.mainContact.string" datatype="html">
         <source>Organization owner</source>
-        <target>Proprietario dell'organizzazione</target>
+        <target>Proprietario dell&apos;organizzazione</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-detail.component.html</context>
           <context context-type="linenumber">21</context>
@@ -1218,8 +1226,8 @@
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.sendActivate.error.string" datatype="html">
-        <source>Invite email couldn't be sent.</source>
-        <target>Impossibile inviare l'email di invito.</target>
+        <source>Invite email couldn&apos;t be sent.</source>
+        <target>Impossibile inviare l&apos;email di invito.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/shared/pipe/localize.ts</context>
           <context context-type="linenumber">13</context>
@@ -1323,15 +1331,15 @@
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.changeOwnership.question.string" datatype="html">
         <source>Are you sure you want to transfer ownership? You are about to transfer ownership of this organization account. If you are the organization owner after transferring ownership, you will no longer have access to administrative functions, such as managing users.</source>
-        <target>Sei sicuro di voler trasferire la proprietà? Stai per trasferire la proprietà di questo account dell'organizzazione. Se sei il proprietario dell'organizzazione dopo aver trasferito la proprietà, non avrai più accesso alle funzioni di amministrazione, come la gestione degli utenti.</target>
+        <target>Sei sicuro di voler trasferire la proprietà? Stai per trasferire la proprietà di questo account dell&apos;organizzazione. Se sei il proprietario dell&apos;organizzazione dopo aver trasferito la proprietà, non avrai più accesso alle funzioni di amministrazione, come la gestione degli utenti.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.ts</context>
-          <context context-type="linenumber">226</context>
+          <context context-type="linenumber">230</context>
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.delete.question.string" datatype="html">
         <source>Are you sure you want to delete user <x id="PH" equiv-text="this.user?.email"/>?</source>
-        <target>Sei sicuro di voler eliminare l'utente <x id="PH" equiv-text="this.user?.email"/>? </target>
+        <target>Sei sicuro di voler eliminare l&apos;utente <x id="PH" equiv-text="this.user?.email"/>? </target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-delete.component.ts</context>
           <context context-type="linenumber">44</context>
@@ -1347,7 +1355,7 @@
       </trans-unit>
       <trans-unit id="userServiceApp.user.updated.string" datatype="html">
         <source>User updated successfully</source>
-        <target>Aggiornamento dell'utente riuscito</target>
+        <target>Aggiornamento dell&apos;utente riuscito</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/shared/pipe/localize.ts</context>
           <context context-type="linenumber">17</context>
@@ -1379,7 +1387,7 @@
       </trans-unit>
       <trans-unit id="entity.delete.title.string" datatype="html">
         <source>Confirm deletion</source>
-        <target>Conferma l'eliminazione</target>
+        <target>Conferma l&apos;eliminazione</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-delete.component.html</context>
           <context context-type="linenumber">3</context>
@@ -1391,7 +1399,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.import.errors.label.string" datatype="html">
         <source> Oops! There was a problem processing your data. Pleases fix the errors below and try again </source>
-        <target>Oops! Si è verificato un problema durante l'elaborazione dei dati. Correggi gli errori indicati qui di seguito e riprova</target>
+        <target>Oops! Si è verificato un problema durante l&apos;elaborazione dei dati. Correggi gli errori indicati qui di seguito e riprova</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-import-dialog.component.html</context>
           <context context-type="linenumber">16</context>
@@ -1479,7 +1487,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.home.forHelpTroubleshooting.string" datatype="html">
         <source> For help troubleshooting, please contact the Member Portal Team and copy/paste or include a screenshot of the error message below. </source>
-        <target>Se hai bisogno di aiuto per risolvere questo problema, contatta il tuo responsabile di consorzio oppure usa l'indirizzo membership@orcid.org. Allega uno screenshot del messaggio di errore qui sotto.</target>
+        <target>Se hai bisogno di aiuto per risolvere questo problema, contatta il tuo responsabile di consorzio oppure usa l&apos;indirizzo membership@orcid.org. Allega uno screenshot del messaggio di errore qui sotto.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliations.component.html</context>
           <context context-type="linenumber">203</context>
@@ -3847,7 +3855,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.detail.title.string" datatype="html">
         <source>Affiliation details</source>
-        <target>Dettagli sull'affiliazione</target>
+        <target>Dettagli sull&apos;affiliazione</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-detail.component.html</context>
           <context context-type="linenumber">4</context>
@@ -3907,7 +3915,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.import.successMessage.string" datatype="html">
         <source>Your CSV has been uploaded for processing. We will let you know via email once the file has been processed.</source>
-        <target>Il tuo CSV è stato caricato per l'elaborazione. Ti comunicheremo via email l'avvenuta elaborazione.</target>
+        <target>Il tuo CSV è stato caricato per l&apos;elaborazione. Ti comunicheremo via email l&apos;avvenuta elaborazione.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-import-dialog.component.html</context>
           <context context-type="linenumber">13</context>
@@ -4123,7 +4131,7 @@
       </trans-unit>
       <trans-unit id="entity.validation.disambiguatedOrgId.string" datatype="html">
         <source> This field is required. GRID Organization ID should start with &quot;grid.&quot;, RINGGOLD Organization ID should be a number, ROR IDs must be 9 characters, beginning with 0 </source>
-        <target>Questo campo è obbligatorio. L'ID organizzazione GRID deve iniziare con grid., ad esempio grid.12344, o deve essere un URL grid valido, l'ID organizzazione RINGGOLD deve essere un numero. Gli ID ROR devono essere composti da 9 caratteri e iniziare con 0.</target>
+        <target>Questo campo è obbligatorio. L&apos;ID organizzazione GRID deve iniziare con grid., ad esempio grid.12344, o deve essere un URL grid valido, l&apos;ID organizzazione RINGGOLD deve essere un numero. Gli ID ROR devono essere composti da 9 caratteri e iniziare con 0.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-update.component.html</context>
           <context context-type="linenumber">230</context>
@@ -4307,7 +4315,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.orgName.string" datatype="html">
         <source>Organization Name</source>
-        <target>Nome dell'organizzazione</target>
+        <target>Nome dell&apos;organizzazione</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-update.component.html</context>
           <context context-type="linenumber">75</context>
@@ -4347,7 +4355,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.updateNote.string" datatype="html">
         <source>Please do not forget to download and send permission links to your researcher once the assertion has been saved.</source>
-        <target>Nota: non dimenticare di scaricare e inviare i collegamenti di autorizzazione al tuo ricercatore una volta che l'asserzione è stata salvata.</target>
+        <target>Nota: non dimenticare di scaricare e inviare i collegamenti di autorizzazione al tuo ricercatore una volta che l&apos;asserzione è stata salvata.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-update.component.html</context>
           <context context-type="linenumber">452</context>
@@ -4383,7 +4391,7 @@
       </trans-unit>
       <trans-unit id="assertionServiceApp.affiliation.problemDeleting.string" datatype="html">
         <source>There was a problem deleting the affiliation</source>
-        <target>C'è stato un problema nella cancellazione dell'affiliazione</target>
+        <target>C&apos;è stato un problema nella cancellazione dell&apos;affiliazione</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/shared/pipe/localize.ts</context>
           <context context-type="linenumber">33</context>
@@ -4406,7 +4414,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.delete.fromPortalAndRegistry.string" datatype="html">
-        <source>Are you sure you want to delete this affiliation for <x id="PH" equiv-text="this.affiliation?.email"/>? The affiliation will be deleted from the portal and the user's ORCID record.</source>
+        <source>Are you sure you want to delete this affiliation for <x id="PH" equiv-text="this.affiliation?.email"/>? The affiliation will be deleted from the portal and the user&apos;s ORCID record.</source>
         <target>Vuoi davvero eliminare questa affiliazione per <x id="PH" equiv-text="this.affiliation?.email"/>? L’affiliazione verrà eliminata dal portale e dal record ORCID dell’utente.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-delete.component.ts</context>
@@ -4507,7 +4515,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSMember.clientId.note.string" datatype="html">
         <source>Note: Client ID must have member OBO enabled AND</source>
-        <target>Nota: l'ID cliente deve avere Membro OBO abilitato E</target>
+        <target>Nota: l&apos;ID cliente deve avere Membro OBO abilitato E</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/member/member-update.component.html</context>
           <context context-type="linenumber">121</context>
@@ -4695,7 +4703,7 @@
       </trans-unit>
       <trans-unit id="landingPage.denied.ifThisWas.string" datatype="html">
         <source> If this was a mistake, click the button below to grant access. </source>
-        <target>Se si è trattato di un errore, fai clic sul pulsante in basso per concedere l'accesso.</target>
+        <target>Se si è trattato di un errore, fai clic sul pulsante in basso per concedere l&apos;accesso.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/landing-page/landing-page.component.html</context>
           <context context-type="linenumber">45</context>
@@ -4711,7 +4719,7 @@
       </trans-unit>
       <trans-unit id="landingPage.denied.youHaveDenied.string" datatype="html">
         <source>Oops, you have denied access.</source>
-        <target>Ops, l'accesso ti è stato negato.</target>
+        <target>Ops, l&apos;accesso ti è stato negato.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/landing-page/landing-page.component.html</context>
           <context context-type="linenumber">39</context>
@@ -4743,7 +4751,7 @@
       </trans-unit>
       <trans-unit id="landingPage.success.youHaveSuccessfully.string" datatype="html">
         <source>You have successfully granted <x id="PH" equiv-text="this.clientName"/> permission to update your ORCID record, and your record has been updated with affiliation information.</source>
-        <target>Hai concesso correttamente l'autorizzazione a <x id="PH" equiv-text="this.clientName"/> per aggiornare il tuo archivio ORCID e quest'ultimo sarà aggiornato con le informazioni di affiliazione. </target>
+        <target>Hai concesso correttamente l&apos;autorizzazione a <x id="PH" equiv-text="this.clientName"/> per aggiornare il tuo archivio ORCID e quest&apos;ultimo sarà aggiornato con le informazioni di affiliazione. </target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/landing-page/landing-page.component.ts</context>
           <context context-type="linenumber">81</context>
@@ -4767,7 +4775,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSMember.import.errors.label.string" datatype="html">
         <source> Oops! There was a problem processing your data. Pleases fix the errors below and try again </source>
-        <target>Oops! Si è verificato un problema durante l'elaborazione dei dati. Correggi gli errori indicati qui di seguito e riprova</target>
+        <target>Oops! Si è verificato un problema durante l&apos;elaborazione dei dati. Correggi gli errori indicati qui di seguito e riprova</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/member/member-import-dialog.component.html</context>
           <context context-type="linenumber">16</context>
@@ -4812,6 +4820,38 @@
           <context context-type="linenumber">66</context>
         </context-group>
       </trans-unit>
+      <trans-unit id="settings.security.mfaOn.string" datatype="html">
+        <source>ON</source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">123</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.mfaOff.string" datatype="html">
+        <source>OFF</source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">126</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.disableMfaDescription.string" datatype="html">
+        <source> Disable two-factor authentication (2FA) for this user if they are having difficulty signing in to the member portal. </source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">131</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.disabledMfaNotice.string" datatype="html">
+        <source> Users can enable 2FA from their account settings page </source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">155</context>
+        </context-group>
+      </trans-unit>
     </body>
   </file>
 </xliff>
\ No newline at end of file
diff --git a/ui/src/i18n/messages.ja.xlf b/ui/src/i18n/messages.ja.xlf
index ff28cea09..e0caa38a3 100644
--- a/ui/src/i18n/messages.ja.xlf
+++ b/ui/src/i18n/messages.ja.xlf
@@ -1,5 +1,5 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
-  <file source-language="en" datatype="plaintext" original="ng2.template" target-language="ja">
+<?xml version="1.0" ?><xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+  <file source-language="en" target-language="ja" datatype="plaintext" original="ng2.template">
     <body>
       <trans-unit id="login.messages.error.authentication.string" datatype="html">
         <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Failed to sign in!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check your credentials and try again. </source>
@@ -106,7 +106,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="reset.request.messages.notfound.string" datatype="html">
-        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Email address isn't registered!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check and try again. </source>
+        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Email address isn&apos;t registered!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check and try again. </source>
         <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/> Eメールアドレスが登録されていません！<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> 確認して、もう一度やり直してください</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-init.component.html</context>
@@ -478,7 +478,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaExplain.string" datatype="html">
-        <source> Add extra security to your ORCID member portal account by enabling two-factor authentication. Each time you sign in, you'll be prompted to enter a six-digit code we send to your preferred authentication application. </source>
+        <source> Add extra security to your ORCID member portal account by enabling two-factor authentication. Each time you sign in, you&apos;ll be prompted to enter a six-digit code we send to your preferred authentication application. </source>
         <target> 2段階認証を有効にして、ORCIDメンバーポータルアカウントにさらなるセキュリティ対策を追加しましょう。サインインをするたびに、ご希望の認証アプリケーションに送信される6桁のコードを入力するように要求されます。</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
@@ -492,6 +492,14 @@
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
           <context context-type="linenumber">151</context>
         </context-group>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">120</context>
+        </context-group>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">148</context>
+        </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaUpdated.string" datatype="html">
         <source>2FA settings updated</source>
@@ -518,7 +526,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaCannotScan.one.string" datatype="html">
-        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Can't scan the QR code?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></source>
+        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Can&apos;t scan the QR code?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></source>
         <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/> QRコードのスキャンができませんか？<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
@@ -814,7 +822,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="reset.finish.messages.error.string" datatype="html">
-        <source> Your password couldn't be reset. Remember a password request is only valid for 24 hours. </source>
+        <source> Your password couldn&apos;t be reset. Remember a password request is only valid for 24 hours. </source>
         <target>パスワードがリセットできませんでした。パスワードの要求は 24 時間に限り有効であることにご留意ください。</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-finish.component.html</context>
@@ -910,7 +918,7 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">150</context>
+          <context context-type="linenumber">195</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/users.component.html</context>
@@ -970,7 +978,7 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">120</context>
+          <context context-type="linenumber">165</context>
         </context-group>
       </trans-unit>
       <trans-unit id="entity.action.delete.string" datatype="html">
@@ -1034,11 +1042,11 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">131</context>
+          <context context-type="linenumber">176</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">141</context>
+          <context context-type="linenumber">186</context>
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.activated.string" datatype="html">
@@ -1218,7 +1226,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.sendActivate.error.string" datatype="html">
-        <source>Invite email couldn't be sent.</source>
+        <source>Invite email couldn&apos;t be sent.</source>
         <target>招待Eメールを送信できませんでした。</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/shared/pipe/localize.ts</context>
@@ -1326,7 +1334,7 @@
         <target> 所有権を本当に移転しますか。こちらの組織アカウントの所有権を移転しようとしています。所有権移転後にも組織の所有者である場合には、ユーザー管理といった管理機能にアクセスすることはもうできなくなります。</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.ts</context>
-          <context context-type="linenumber">226</context>
+          <context context-type="linenumber">230</context>
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.delete.question.string" datatype="html">
@@ -4406,7 +4414,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.delete.fromPortalAndRegistry.string" datatype="html">
-        <source>Are you sure you want to delete this affiliation for <x id="PH" equiv-text="this.affiliation?.email"/>? The affiliation will be deleted from the portal and the user's ORCID record.</source>
+        <source>Are you sure you want to delete this affiliation for <x id="PH" equiv-text="this.affiliation?.email"/>? The affiliation will be deleted from the portal and the user&apos;s ORCID record.</source>
         <target><x id="PH" equiv-text="this.affiliation?.email"/>のこのアフィリエーション を削除しますか？ポータルとユーザーのORCIDレコードからアフィリエーション が削除されます。</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-delete.component.ts</context>
@@ -4812,6 +4820,38 @@
           <context context-type="linenumber">66</context>
         </context-group>
       </trans-unit>
+      <trans-unit id="settings.security.mfaOn.string" datatype="html">
+        <source>ON</source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">123</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.mfaOff.string" datatype="html">
+        <source>OFF</source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">126</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.disableMfaDescription.string" datatype="html">
+        <source> Disable two-factor authentication (2FA) for this user if they are having difficulty signing in to the member portal. </source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">131</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.disabledMfaNotice.string" datatype="html">
+        <source> Users can enable 2FA from their account settings page </source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">155</context>
+        </context-group>
+      </trans-unit>
     </body>
   </file>
 </xliff>
\ No newline at end of file
diff --git a/ui/src/i18n/messages.ko.xlf b/ui/src/i18n/messages.ko.xlf
index 0f5bcd1f3..eda235405 100644
--- a/ui/src/i18n/messages.ko.xlf
+++ b/ui/src/i18n/messages.ko.xlf
@@ -1,5 +1,5 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
-  <file source-language="en" datatype="plaintext" original="ng2.template" target-language="ko">
+<?xml version="1.0" ?><xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+  <file source-language="en" target-language="ko" datatype="plaintext" original="ng2.template">
     <body>
       <trans-unit id="login.messages.error.authentication.string" datatype="html">
         <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Failed to sign in!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check your credentials and try again. </source>
@@ -106,7 +106,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="reset.request.messages.notfound.string" datatype="html">
-        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Email address isn't registered!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check and try again. </source>
+        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Email address isn&apos;t registered!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check and try again. </source>
         <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>이메일 주소가 등록되지 않았습니다!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> 확인하여 다시 시도해 주세요.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-init.component.html</context>
@@ -478,7 +478,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaExplain.string" datatype="html">
-        <source> Add extra security to your ORCID member portal account by enabling two-factor authentication. Each time you sign in, you'll be prompted to enter a six-digit code we send to your preferred authentication application. </source>
+        <source> Add extra security to your ORCID member portal account by enabling two-factor authentication. Each time you sign in, you&apos;ll be prompted to enter a six-digit code we send to your preferred authentication application. </source>
         <target>2단계 인증을 활성화해 ORCID 회원 포털 계정의 보안을 강화하세요. 로그인할 때마다 선택하신 인증 어플리케이션에 전송된 6자리 코드를 입력해야 합니다.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
@@ -492,6 +492,14 @@
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
           <context context-type="linenumber">151</context>
         </context-group>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">120</context>
+        </context-group>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">148</context>
+        </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaUpdated.string" datatype="html">
         <source>2FA settings updated</source>
@@ -518,7 +526,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaCannotScan.one.string" datatype="html">
-        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Can't scan the QR code?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></source>
+        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Can&apos;t scan the QR code?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></source>
         <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>QR 코드를 스캔할 수 없으신가요?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
@@ -814,7 +822,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="reset.finish.messages.error.string" datatype="html">
-        <source> Your password couldn't be reset. Remember a password request is only valid for 24 hours. </source>
+        <source> Your password couldn&apos;t be reset. Remember a password request is only valid for 24 hours. </source>
         <target>비밀번호를 초기화할 수 없습니다. 비밀번호 요청은 24시간 동안만 유효합니다.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-finish.component.html</context>
@@ -910,7 +918,7 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">150</context>
+          <context context-type="linenumber">195</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/users.component.html</context>
@@ -970,7 +978,7 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">120</context>
+          <context context-type="linenumber">165</context>
         </context-group>
       </trans-unit>
       <trans-unit id="entity.action.delete.string" datatype="html">
@@ -1034,11 +1042,11 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">131</context>
+          <context context-type="linenumber">176</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">141</context>
+          <context context-type="linenumber">186</context>
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.activated.string" datatype="html">
@@ -1218,7 +1226,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.sendActivate.error.string" datatype="html">
-        <source>Invite email couldn't be sent.</source>
+        <source>Invite email couldn&apos;t be sent.</source>
         <target>초대 이메일을 보낼 수 없습니다.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/shared/pipe/localize.ts</context>
@@ -1326,7 +1334,7 @@
         <target>소유권을 정말 이전하시겠습니까? 이 조직 계정의 소유권을 이전하려고 합니다. 소유권 이전 후 조직 소유자인 경우 더 이상 사용자 관리와 같은 관리 기능에 액세스할 수 없습니다.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.ts</context>
-          <context context-type="linenumber">226</context>
+          <context context-type="linenumber">230</context>
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.delete.question.string" datatype="html">
@@ -4406,7 +4414,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.delete.fromPortalAndRegistry.string" datatype="html">
-        <source>Are you sure you want to delete this affiliation for <x id="PH" equiv-text="this.affiliation?.email"/>? The affiliation will be deleted from the portal and the user's ORCID record.</source>
+        <source>Are you sure you want to delete this affiliation for <x id="PH" equiv-text="this.affiliation?.email"/>? The affiliation will be deleted from the portal and the user&apos;s ORCID record.</source>
         <target><x id="PH" equiv-text="this.affiliation?.email"/>에 대한 이 제휴를 정말 삭제하시겠습니까? 포털 및 사용자의 ORCID 기록에서 제휴가 삭제됩니다.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-delete.component.ts</context>
@@ -4423,7 +4431,7 @@
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.notifications.description.string" datatype="html">
         <source> Are you sure that you would like ORCID to send permission links to your researchers for the affiliations that are pending? </source>
-        <target>'대기 중' 상태인 제휴 항목이 있는 모든 연구원에게 권한 알림이 전송됩니다.</target>
+        <target>&apos;대기 중&apos; 상태인 제휴 항목이 있는 모든 연구원에게 권한 알림이 전송됩니다.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/send-notifications-dialog.component.html</context>
           <context context-type="linenumber">16</context>
@@ -4812,6 +4820,38 @@
           <context context-type="linenumber">66</context>
         </context-group>
       </trans-unit>
+      <trans-unit id="settings.security.mfaOn.string" datatype="html">
+        <source>ON</source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">123</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.mfaOff.string" datatype="html">
+        <source>OFF</source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">126</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.disableMfaDescription.string" datatype="html">
+        <source> Disable two-factor authentication (2FA) for this user if they are having difficulty signing in to the member portal. </source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">131</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.disabledMfaNotice.string" datatype="html">
+        <source> Users can enable 2FA from their account settings page </source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">155</context>
+        </context-group>
+      </trans-unit>
     </body>
   </file>
 </xliff>
\ No newline at end of file
diff --git a/ui/src/i18n/messages.pt.xlf b/ui/src/i18n/messages.pt.xlf
index bf1902bd6..326548895 100644
--- a/ui/src/i18n/messages.pt.xlf
+++ b/ui/src/i18n/messages.pt.xlf
@@ -1,5 +1,5 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
-  <file source-language="en" datatype="plaintext" original="ng2.template" target-language="pt">
+<?xml version="1.0" ?><xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+  <file source-language="en" target-language="pt" datatype="plaintext" original="ng2.template">
     <body>
       <trans-unit id="login.messages.error.authentication.string" datatype="html">
         <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Failed to sign in!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check your credentials and try again. </source>
@@ -106,7 +106,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="reset.request.messages.notfound.string" datatype="html">
-        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Email address isn't registered!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check and try again. </source>
+        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Email address isn&apos;t registered!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check and try again. </source>
         <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>O endereço de e-mail não está registado!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Verifique e tente novamente</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-init.component.html</context>
@@ -478,7 +478,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaExplain.string" datatype="html">
-        <source> Add extra security to your ORCID member portal account by enabling two-factor authentication. Each time you sign in, you'll be prompted to enter a six-digit code we send to your preferred authentication application. </source>
+        <source> Add extra security to your ORCID member portal account by enabling two-factor authentication. Each time you sign in, you&apos;ll be prompted to enter a six-digit code we send to your preferred authentication application. </source>
         <target>Adicione mais segurança à sua conta permitindo a autenticação de dois fatores. De cada vez que iniciar sessão, ser-lhe-à solicitado que introduza um código de seis dígitos que enviaremos para a sua aplicação de autenticação preferida.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
@@ -492,6 +492,14 @@
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
           <context context-type="linenumber">151</context>
         </context-group>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">120</context>
+        </context-group>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">148</context>
+        </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaUpdated.string" datatype="html">
         <source>2FA settings updated</source>
@@ -518,7 +526,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaCannotScan.one.string" datatype="html">
-        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Can't scan the QR code?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></source>
+        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Can&apos;t scan the QR code?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></source>
         <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Não consegue digitalizar o código QR?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
@@ -814,7 +822,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="reset.finish.messages.error.string" datatype="html">
-        <source> Your password couldn't be reset. Remember a password request is only valid for 24 hours. </source>
+        <source> Your password couldn&apos;t be reset. Remember a password request is only valid for 24 hours. </source>
         <target>Não foi possível redefinir a sua palavra-passe. Lembre-se que um pedido de palavra-passe é apenas válido por 24 horas.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-finish.component.html</context>
@@ -910,7 +918,7 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">150</context>
+          <context context-type="linenumber">195</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/users.component.html</context>
@@ -970,7 +978,7 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">120</context>
+          <context context-type="linenumber">165</context>
         </context-group>
       </trans-unit>
       <trans-unit id="entity.action.delete.string" datatype="html">
@@ -1034,11 +1042,11 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">131</context>
+          <context context-type="linenumber">176</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">141</context>
+          <context context-type="linenumber">186</context>
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.activated.string" datatype="html">
@@ -1218,7 +1226,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.sendActivate.error.string" datatype="html">
-        <source>Invite email couldn't be sent.</source>
+        <source>Invite email couldn&apos;t be sent.</source>
         <target>Não foi possível enviar o e-mail de convite.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/shared/pipe/localize.ts</context>
@@ -1326,7 +1334,7 @@
         <target>Tem a certeza que quer transferir a propriedade? Está prestes a transferir a propriedade da conta desta organização. Se for o proprietário da conta depois de transferir a propriedade, não terá mais acesso a a funções administrativas, tais como a gestão de utilizadores.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.ts</context>
-          <context context-type="linenumber">226</context>
+          <context context-type="linenumber">230</context>
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.delete.question.string" datatype="html">
@@ -4406,7 +4414,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.delete.fromPortalAndRegistry.string" datatype="html">
-        <source>Are you sure you want to delete this affiliation for <x id="PH" equiv-text="this.affiliation?.email"/>? The affiliation will be deleted from the portal and the user's ORCID record.</source>
+        <source>Are you sure you want to delete this affiliation for <x id="PH" equiv-text="this.affiliation?.email"/>? The affiliation will be deleted from the portal and the user&apos;s ORCID record.</source>
         <target>Tem a certeza de que quer eliminar esta afiliação para <x id="PH" equiv-text="this.affiliation?.email"/>? A afiliação será eliminada do portal e do registo ORCID do utilizador.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-delete.component.ts</context>
@@ -4812,6 +4820,38 @@
           <context context-type="linenumber">66</context>
         </context-group>
       </trans-unit>
+      <trans-unit id="settings.security.mfaOn.string" datatype="html">
+        <source>ON</source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">123</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.mfaOff.string" datatype="html">
+        <source>OFF</source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">126</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.disableMfaDescription.string" datatype="html">
+        <source> Disable two-factor authentication (2FA) for this user if they are having difficulty signing in to the member portal. </source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">131</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.disabledMfaNotice.string" datatype="html">
+        <source> Users can enable 2FA from their account settings page </source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">155</context>
+        </context-group>
+      </trans-unit>
     </body>
   </file>
 </xliff>
\ No newline at end of file
diff --git a/ui/src/i18n/messages.ru.xlf b/ui/src/i18n/messages.ru.xlf
index 1f92a4091..95138b0aa 100644
--- a/ui/src/i18n/messages.ru.xlf
+++ b/ui/src/i18n/messages.ru.xlf
@@ -1,5 +1,5 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
-  <file source-language="en" datatype="plaintext" original="ng2.template" target-language="ru">
+<?xml version="1.0" ?><xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+  <file source-language="en" target-language="ru" datatype="plaintext" original="ng2.template">
     <body>
       <trans-unit id="login.messages.error.authentication.string" datatype="html">
         <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Failed to sign in!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check your credentials and try again. </source>
@@ -106,7 +106,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="reset.request.messages.notfound.string" datatype="html">
-        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Email address isn't registered!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check and try again. </source>
+        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Email address isn&apos;t registered!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check and try again. </source>
         <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Электронный адрес не зарегистрирован!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/>Пожалуйста, проверьте и попробуйте ещё раз</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-init.component.html</context>
@@ -478,7 +478,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaExplain.string" datatype="html">
-        <source> Add extra security to your ORCID member portal account by enabling two-factor authentication. Each time you sign in, you'll be prompted to enter a six-digit code we send to your preferred authentication application. </source>
+        <source> Add extra security to your ORCID member portal account by enabling two-factor authentication. Each time you sign in, you&apos;ll be prompted to enter a six-digit code we send to your preferred authentication application. </source>
         <target>Повысьте безопасность своей учетной записи на портале участника ORCID, включив двухфакторную аутентификацию. Каждый раз, когда вы входите в систему, вам будет нужно ввести шестизначный код, который мы отправим в ваше приложение для аутентификации.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
@@ -492,6 +492,14 @@
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
           <context context-type="linenumber">151</context>
         </context-group>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">120</context>
+        </context-group>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">148</context>
+        </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaUpdated.string" datatype="html">
         <source>2FA settings updated</source>
@@ -518,7 +526,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaCannotScan.one.string" datatype="html">
-        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Can't scan the QR code?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></source>
+        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Can&apos;t scan the QR code?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></source>
         <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Не можете отсканировать QR-код?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
@@ -814,7 +822,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="reset.finish.messages.error.string" datatype="html">
-        <source> Your password couldn't be reset. Remember a password request is only valid for 24 hours. </source>
+        <source> Your password couldn&apos;t be reset. Remember a password request is only valid for 24 hours. </source>
         <target>Ваш пароль не может быть сброшен. Помните, что запрос пароля действителен только в течение 24 часов.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-finish.component.html</context>
@@ -910,7 +918,7 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">150</context>
+          <context context-type="linenumber">195</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/users.component.html</context>
@@ -970,7 +978,7 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">120</context>
+          <context context-type="linenumber">165</context>
         </context-group>
       </trans-unit>
       <trans-unit id="entity.action.delete.string" datatype="html">
@@ -1034,11 +1042,11 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">131</context>
+          <context context-type="linenumber">176</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">141</context>
+          <context context-type="linenumber">186</context>
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.activated.string" datatype="html">
@@ -1218,7 +1226,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.sendActivate.error.string" datatype="html">
-        <source>Invite email couldn't be sent.</source>
+        <source>Invite email couldn&apos;t be sent.</source>
         <target>Не удалось отправить письмо с приглашением.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/shared/pipe/localize.ts</context>
@@ -1326,7 +1334,7 @@
         <target>Вы уверены, что хотите передать право собственности? Вы собираетесь передать право собственности на аккаунт этой организации. Если вы будете владельцем организации после передачи права собственности, у вас больше не будет доступа к административным функциям, таким как управление пользователями.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.ts</context>
-          <context context-type="linenumber">226</context>
+          <context context-type="linenumber">230</context>
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.delete.question.string" datatype="html">
@@ -2055,7 +2063,7 @@
       </trans-unit>
       <trans-unit id="country.CI.string" datatype="html">
         <source>Côte d’Ivoire</source>
-        <target>Кот-д'Ивуар</target>
+        <target>Кот-д&apos;Ивуар</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/shared/pipe/localize.ts</context>
           <context context-type="linenumber">201</context>
@@ -4406,7 +4414,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.delete.fromPortalAndRegistry.string" datatype="html">
-        <source>Are you sure you want to delete this affiliation for <x id="PH" equiv-text="this.affiliation?.email"/>? The affiliation will be deleted from the portal and the user's ORCID record.</source>
+        <source>Are you sure you want to delete this affiliation for <x id="PH" equiv-text="this.affiliation?.email"/>? The affiliation will be deleted from the portal and the user&apos;s ORCID record.</source>
         <target>Удалить эту аффилиацию для <x id="PH" equiv-text="this.affiliation?.email"/>? Она будет удалена из портала и профиля ORCID пользователя.</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-delete.component.ts</context>
@@ -4812,6 +4820,38 @@
           <context context-type="linenumber">66</context>
         </context-group>
       </trans-unit>
+      <trans-unit id="settings.security.mfaOn.string" datatype="html">
+        <source>ON</source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">123</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.mfaOff.string" datatype="html">
+        <source>OFF</source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">126</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.disableMfaDescription.string" datatype="html">
+        <source> Disable two-factor authentication (2FA) for this user if they are having difficulty signing in to the member portal. </source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">131</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.disabledMfaNotice.string" datatype="html">
+        <source> Users can enable 2FA from their account settings page </source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">155</context>
+        </context-group>
+      </trans-unit>
     </body>
   </file>
 </xliff>
\ No newline at end of file
diff --git a/ui/src/i18n/messages.xlf b/ui/src/i18n/messages.xlf
index 96bf1e9ab..4e941a7a7 100644
--- a/ui/src/i18n/messages.xlf
+++ b/ui/src/i18n/messages.xlf
@@ -440,6 +440,14 @@
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
           <context context-type="linenumber">151</context>
         </context-group>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">120</context>
+        </context-group>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">148</context>
+        </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaUpdated.string" datatype="html">
         <source>2FA settings updated</source>
@@ -806,7 +814,7 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">150</context>
+          <context context-type="linenumber">195</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/users.component.html</context>
@@ -864,7 +872,7 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">120</context>
+          <context context-type="linenumber">165</context>
         </context-group>
       </trans-unit>
       <trans-unit id="entity.action.delete.string" datatype="html">
@@ -925,11 +933,11 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">131</context>
+          <context context-type="linenumber">176</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">141</context>
+          <context context-type="linenumber">186</context>
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.activated.string" datatype="html">
@@ -1194,7 +1202,7 @@
         <source>Are you sure you want to transfer ownership? You are about to transfer ownership of this organization account. If you are the organization owner after transferring ownership, you will no longer have access to administrative functions, such as managing users.</source>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.ts</context>
-          <context context-type="linenumber">226</context>
+          <context context-type="linenumber">230</context>
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.delete.question.string" datatype="html">
@@ -4267,6 +4275,34 @@
           <context context-type="linenumber">66</context>
         </context-group>
       </trans-unit>
+      <trans-unit id="settings.security.disabledMfaNotice.string" datatype="html">
+        <source> Users can enable 2FA from their account settings page </source>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">155</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.disableMfaDescription.string" datatype="html">
+        <source> Disable two-factor authentication (2FA) for this user if they are having difficulty signing in to the member portal. </source>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">131</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.mfaOff.string" datatype="html">
+        <source>OFF</source>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">126</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.mfaOn.string" datatype="html">
+        <source>ON</source>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">123</context>
+        </context-group>
+      </trans-unit>
     </body>
   </file>
 </xliff>
\ No newline at end of file
diff --git a/ui/src/i18n/messages.zh-CN.xlf b/ui/src/i18n/messages.zh-CN.xlf
index 11a73631d..caf833bda 100644
--- a/ui/src/i18n/messages.zh-CN.xlf
+++ b/ui/src/i18n/messages.zh-CN.xlf
@@ -1,5 +1,5 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
-  <file source-language="en" datatype="plaintext" original="ng2.template" target-language="zh-CN">
+<?xml version="1.0" ?><xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+  <file source-language="en" target-language="zh-CN" datatype="plaintext" original="ng2.template">
     <body>
       <trans-unit id="login.messages.error.authentication.string" datatype="html">
         <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Failed to sign in!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check your credentials and try again. </source>
@@ -106,7 +106,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="reset.request.messages.notfound.string" datatype="html">
-        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Email address isn't registered!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check and try again. </source>
+        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Email address isn&apos;t registered!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check and try again. </source>
         <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/> 电子邮件地址尚未注册！<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> 请检查并重试</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-init.component.html</context>
@@ -478,7 +478,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaExplain.string" datatype="html">
-        <source> Add extra security to your ORCID member portal account by enabling two-factor authentication. Each time you sign in, you'll be prompted to enter a six-digit code we send to your preferred authentication application. </source>
+        <source> Add extra security to your ORCID member portal account by enabling two-factor authentication. Each time you sign in, you&apos;ll be prompted to enter a six-digit code we send to your preferred authentication application. </source>
         <target>启用双重身份验证，为您的 ORCID 成员门户账户增加额外的安全性。每次登录时，系统都会提示您输入发送到您首选身份验证应用程序的六位数验证码。</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
@@ -492,6 +492,14 @@
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
           <context context-type="linenumber">151</context>
         </context-group>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">120</context>
+        </context-group>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">148</context>
+        </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaUpdated.string" datatype="html">
         <source>2FA settings updated</source>
@@ -518,7 +526,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaCannotScan.one.string" datatype="html">
-        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Can't scan the QR code?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></source>
+        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Can&apos;t scan the QR code?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></source>
         <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/> 无法扫描二维码？<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
@@ -814,7 +822,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="reset.finish.messages.error.string" datatype="html">
-        <source> Your password couldn't be reset. Remember a password request is only valid for 24 hours. </source>
+        <source> Your password couldn&apos;t be reset. Remember a password request is only valid for 24 hours. </source>
         <target>密码无法重置。请谨记，密码请求仅在 24 小时内有效。</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-finish.component.html</context>
@@ -910,7 +918,7 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">150</context>
+          <context context-type="linenumber">195</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/users.component.html</context>
@@ -970,7 +978,7 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">120</context>
+          <context context-type="linenumber">165</context>
         </context-group>
       </trans-unit>
       <trans-unit id="entity.action.delete.string" datatype="html">
@@ -1034,11 +1042,11 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">131</context>
+          <context context-type="linenumber">176</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">141</context>
+          <context context-type="linenumber">186</context>
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.activated.string" datatype="html">
@@ -1218,7 +1226,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.sendActivate.error.string" datatype="html">
-        <source>Invite email couldn't be sent.</source>
+        <source>Invite email couldn&apos;t be sent.</source>
         <target>无法发送邀请电子邮件。</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/shared/pipe/localize.ts</context>
@@ -1326,7 +1334,7 @@
         <target>确定要转移所有权吗？您即将转移此组织账户的所有权。如果您的组织所有者，在转移完所有权后，您将无法再访问管理功能，例如管理用户。</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.ts</context>
-          <context context-type="linenumber">226</context>
+          <context context-type="linenumber">230</context>
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.delete.question.string" datatype="html">
@@ -4406,7 +4414,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.delete.fromPortalAndRegistry.string" datatype="html">
-        <source>Are you sure you want to delete this affiliation for <x id="PH" equiv-text="this.affiliation?.email"/>? The affiliation will be deleted from the portal and the user's ORCID record.</source>
+        <source>Are you sure you want to delete this affiliation for <x id="PH" equiv-text="this.affiliation?.email"/>? The affiliation will be deleted from the portal and the user&apos;s ORCID record.</source>
         <target>是否确定删除 <x id="PH" equiv-text="this.affiliation?.email"/> 的这一附属关系？该附属关系将从门户网站和用户的 ORCID 记录中删除。</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-delete.component.ts</context>
@@ -4812,6 +4820,38 @@
           <context context-type="linenumber">66</context>
         </context-group>
       </trans-unit>
+      <trans-unit id="settings.security.mfaOn.string" datatype="html">
+        <source>ON</source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">123</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.mfaOff.string" datatype="html">
+        <source>OFF</source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">126</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.disableMfaDescription.string" datatype="html">
+        <source> Disable two-factor authentication (2FA) for this user if they are having difficulty signing in to the member portal. </source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">131</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.disabledMfaNotice.string" datatype="html">
+        <source> Users can enable 2FA from their account settings page </source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">155</context>
+        </context-group>
+      </trans-unit>
     </body>
   </file>
 </xliff>
\ No newline at end of file
diff --git a/ui/src/i18n/messages.zh-TW.xlf b/ui/src/i18n/messages.zh-TW.xlf
index 512368e40..6dfc41e13 100644
--- a/ui/src/i18n/messages.zh-TW.xlf
+++ b/ui/src/i18n/messages.zh-TW.xlf
@@ -1,5 +1,5 @@
-<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
-  <file source-language="en" datatype="plaintext" original="ng2.template" target-language="zh-TW">
+<?xml version="1.0" ?><xliff version="1.2" xmlns="urn:oasis:names:tc:xliff:document:1.2">
+  <file source-language="en" target-language="zh-TW" datatype="plaintext" original="ng2.template">
     <body>
       <trans-unit id="login.messages.error.authentication.string" datatype="html">
         <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Failed to sign in!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check your credentials and try again. </source>
@@ -106,7 +106,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="reset.request.messages.notfound.string" datatype="html">
-        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Email address isn't registered!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check and try again. </source>
+        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Email address isn&apos;t registered!<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> Please check and try again. </source>
         <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/> 電子郵件地址尚未登錄！<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/> 請在檢查後再試一次</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-init.component.html</context>
@@ -478,7 +478,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaExplain.string" datatype="html">
-        <source> Add extra security to your ORCID member portal account by enabling two-factor authentication. Each time you sign in, you'll be prompted to enter a six-digit code we send to your preferred authentication application. </source>
+        <source> Add extra security to your ORCID member portal account by enabling two-factor authentication. Each time you sign in, you&apos;ll be prompted to enter a six-digit code we send to your preferred authentication application. </source>
         <target>透過啟用雙重認證，為您的 ORCID 成員入口帳戶增添額外的安全性。每次登入時，系統都會提示您輸入我們傳送至您首選認證應用程式的六位數代碼。</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
@@ -492,6 +492,14 @@
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
           <context context-type="linenumber">151</context>
         </context-group>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">120</context>
+        </context-group>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">148</context>
+        </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaUpdated.string" datatype="html">
         <source>2FA settings updated</source>
@@ -518,7 +526,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="settings.security.mfaCannotScan.one.string" datatype="html">
-        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Can't scan the QR code?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></source>
+        <source><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>Can&apos;t scan the QR code?<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></source>
         <target><x id="START_TAG_STRONG" ctype="x-strong" equiv-text="&lt;strong&gt;"/>無法掃描 QR 碼？<x id="CLOSE_TAG_STRONG" ctype="x-strong" equiv-text="&lt;/strong&gt;"/></target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/settings/settings.component.html</context>
@@ -814,7 +822,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="reset.finish.messages.error.string" datatype="html">
-        <source> Your password couldn't be reset. Remember a password request is only valid for 24 hours. </source>
+        <source> Your password couldn&apos;t be reset. Remember a password request is only valid for 24 hours. </source>
         <target>無法重設您的密碼。請記得密碼要求只在 24 小時內有效。</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/account/password/password-reset-finish.component.html</context>
@@ -910,7 +918,7 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">150</context>
+          <context context-type="linenumber">195</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/users.component.html</context>
@@ -970,7 +978,7 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">120</context>
+          <context context-type="linenumber">165</context>
         </context-group>
       </trans-unit>
       <trans-unit id="entity.action.delete.string" datatype="html">
@@ -1034,11 +1042,11 @@
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">131</context>
+          <context context-type="linenumber">176</context>
         </context-group>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.html</context>
-          <context context-type="linenumber">141</context>
+          <context context-type="linenumber">186</context>
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.activated.string" datatype="html">
@@ -1218,7 +1226,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.sendActivate.error.string" datatype="html">
-        <source>Invite email couldn't be sent.</source>
+        <source>Invite email couldn&apos;t be sent.</source>
         <target>無法寄送邀請電子郵件。</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/shared/pipe/localize.ts</context>
@@ -1326,7 +1334,7 @@
         <target>您確定要轉移所有權嗎？您即將轉移此組織帳號的所有權。如您為組織擁有者，在轉移完成後就無法繼續使用如管理用戶等行政功能。</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/user/user-update.component.ts</context>
-          <context context-type="linenumber">226</context>
+          <context context-type="linenumber">230</context>
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.msUserServiceMSUser.delete.question.string" datatype="html">
@@ -4406,7 +4414,7 @@
         </context-group>
       </trans-unit>
       <trans-unit id="gatewayApp.assertionServiceAssertion.delete.fromPortalAndRegistry.string" datatype="html">
-        <source>Are you sure you want to delete this affiliation for <x id="PH" equiv-text="this.affiliation?.email"/>? The affiliation will be deleted from the portal and the user's ORCID record.</source>
+        <source>Are you sure you want to delete this affiliation for <x id="PH" equiv-text="this.affiliation?.email"/>? The affiliation will be deleted from the portal and the user&apos;s ORCID record.</source>
         <target>是否確定要為 <x id="PH" equiv-text="this.affiliation?.email"/> 刪除這個所屬單位？該所屬單位會從入口網站和使用者 ORCID 記錄中刪除。</target>
         <context-group purpose="location">
           <context context-type="sourcefile">src/app/affiliation/affiliation-delete.component.ts</context>
@@ -4812,6 +4820,38 @@
           <context context-type="linenumber">66</context>
         </context-group>
       </trans-unit>
+      <trans-unit id="settings.security.mfaOn.string" datatype="html">
+        <source>ON</source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">123</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.mfaOff.string" datatype="html">
+        <source>OFF</source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">126</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.disableMfaDescription.string" datatype="html">
+        <source> Disable two-factor authentication (2FA) for this user if they are having difficulty signing in to the member portal. </source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">131</context>
+        </context-group>
+      </trans-unit>
+      <trans-unit id="settings.security.disabledMfaNotice.string" datatype="html">
+        <source> Users can enable 2FA from their account settings page </source>
+        <target state="new"/>
+        <context-group purpose="location">
+          <context context-type="sourcefile">src/app/user/user-update.component.html</context>
+          <context context-type="linenumber">155</context>
+        </context-group>
+      </trans-unit>
     </body>
   </file>
 </xliff>
\ No newline at end of file

From 93f707fe5ab7b2281ae8b567d443487e2b9b5715 Mon Sep 17 00:00:00 2001
From: andrej romanov <50377758+auumgn@users.noreply.github.com>
Date: Mon, 3 Mar 2025 18:47:19 +0200
Subject: [PATCH 8/8] split into two forms

---
 ui/src/app/user/user-update.component.html    | 104 ++++++++++--------
 ui/src/app/user/user-update.component.spec.ts |   6 +-
 ui/src/app/user/user-update.component.ts      |  45 ++++++--
 3 files changed, 98 insertions(+), 57 deletions(-)

diff --git a/ui/src/app/user/user-update.component.html b/ui/src/app/user/user-update.component.html
index 8c2985bca..a14a5acbf 100644
--- a/ui/src/app/user/user-update.component.html
+++ b/ui/src/app/user/user-update.component.html
@@ -114,51 +114,6 @@ <h1 id="jhi-ms-user-heading" class="mt-5" i18n="@@gatewayApp.msUserServiceMSUser
             >
           </div>
         </div>
-        <ng-container *ngIf="existentUser && existentUser.id && hasRoleAdmin()">
-          <hr class="mb-32 mt-0" />
-          <h2 class="mb-8 font-size-16">
-            <ng-container i18n="@@settings.security.mfa.string">Two-factor authentication</ng-container>&nbsp;<span
-              class="mfaOn"
-              *ngIf="existentUser.mfaEnabled"
-              >(<ng-container i18n="@@settings.security.mfaOn.string">ON</ng-container>)</span
-            >
-            <span class="mfaOff" *ngIf="!existentUser.mfaEnabled"
-              >(<ng-container i18n="@@settings.security.mfaOff.string">OFF</ng-container>)</span
-            >
-          </h2>
-          <div class="font-size-14">
-            <ng-container *ngIf="existentUser.mfaEnabled">
-              <p class="mb-8" i18n="@@settings.security.disableMfaDescription.string">
-                Disable two-factor authentication (2FA) for this user if they are having difficulty signing in to the
-                member portal.
-              </p>
-              <div class="form-group">
-                <input
-                  type="checkbox"
-                  class="form-control"
-                  name="twoFactorAuthentication"
-                  id="field_twoFactorAuthentication"
-                  formControlName="twoFactorAuthentication"
-                  (change)="toggleMfa()"
-                />
-                <label
-                  class="form-control-label two-factor-authentication-label"
-                  i18n="@@settings.security.mfa.string"
-                  for="field_twoFactorAuthentication"
-                  >Two-factor authentication</label
-                >
-              </div>
-            </ng-container>
-            <ng-container *ngIf="!existentUser.mfaEnabled">
-              <div class="warning-message d-flex p-16 mb-40 mt-16">
-                <img src="./../../../../content/images/warning-sign.svg" alt="Warning sign" class="p-8" />
-                <div class="font-size-14 wide-text line-height-150" i18n="@@settings.security.disabledMfaNotice.string">
-                  Users can enable 2FA from their account settings page
-                </div>
-              </div>
-            </ng-container>
-          </div>
-        </ng-container>
       </div>
       <div class="form-group">
         <button type="button" id="cancel-save" class="btn btn-outline-primary mr-2" (click)="navigateToUsersList()">
@@ -196,5 +151,64 @@ <h2 class="mb-8 font-size-16">
         </button>
       </div>
     </form>
+    <form name="mfaForm" role="form" novalidate [formGroup]="mfaForm">
+      <ng-container *ngIf="existentUser && existentUser.id && hasRoleAdmin()">
+        <hr class="mb-32 mt-32" />
+        <h2 class="mb-8 font-size-18">
+          <ng-container i18n="@@settings.security.mfa.string">Two-factor authentication</ng-container>&nbsp;<span
+            class="mfaOn"
+            *ngIf="existentUser.mfaEnabled"
+            >(<ng-container i18n="@@settings.security.mfaOn.string">ON</ng-container>)</span
+          >
+          <span class="mfaOff" *ngIf="!existentUser.mfaEnabled"
+            >(<ng-container i18n="@@settings.security.mfaOff.string">OFF</ng-container>)</span
+          >
+        </h2>
+        <div class="font-size-14">
+          <ng-container *ngIf="existentUser.mfaEnabled">
+            <p class="mb-8" i18n="@@settings.security.disableMfaDescription.string">
+              Disable two-factor authentication (2FA) for this user if they are having difficulty signing in to the
+              member portal.
+            </p>
+            <div class="form-group">
+              <input
+                type="checkbox"
+                class="form-control"
+                name="twoFactorAuthentication"
+                id="field_twoFactorAuthentication"
+                formControlName="twoFactorAuthentication"
+              />
+              <label
+                class="form-control-label two-factor-authentication-label"
+                i18n="@@settings.security.mfa.string"
+                for="field_twoFactorAuthentication"
+                >Two-factor authentication</label
+              >
+            </div>
+          </ng-container>
+          <ng-container *ngIf="!existentUser.mfaEnabled">
+            <div class="warning-message d-flex p-16 mb-40 mt-16">
+              <img src="./../../../../content/images/warning-sign.svg" alt="Warning sign" class="p-8" />
+              <div class="font-size-14 wide-text line-height-150" i18n="@@settings.security.disabledMfaNotice.string">
+                Users can enable 2FA from their account settings page
+              </div>
+            </div>
+          </ng-container>
+        </div>
+      </ng-container>
+      <div class="form-group">
+        <button type="button" id="cancel-save" class="btn btn-outline-primary mr-2" (click)="navigateToUsersList()">
+          <fa-icon [icon]="faBan"></fa-icon>&nbsp;<span i18n="@@entity.action.cancel.string">Cancel</span>
+        </button>
+        <button
+          (click)="saveMfa()"
+          type="submit"
+          [disabled]="!disableMfa || isSaving || memberList.length === 0"
+          class="btn btn-primary"
+        >
+          <fa-icon [icon]="faSave"></fa-icon>&nbsp;<span i18n="@@entity.action.save.string">Save</span>
+        </button>
+      </div>
+    </form>
   </div>
 </div>
diff --git a/ui/src/app/user/user-update.component.spec.ts b/ui/src/app/user/user-update.component.spec.ts
index 103c5f91e..2cfb0aff9 100644
--- a/ui/src/app/user/user-update.component.spec.ts
+++ b/ui/src/app/user/user-update.component.spec.ts
@@ -128,7 +128,7 @@ describe('UserUpdateComponent', () => {
     expect(twoFactorAuthenticationCheckbox).toBeTruthy()
     const checkbox = fixture.debugElement.nativeElement.querySelector('#field_twoFactorAuthentication')
     checkbox.click()
-    component.save()
+    component.saveMfa()
     expect(accountService.disableMfa).toHaveBeenCalledWith('id')
   })
 
@@ -146,7 +146,7 @@ describe('UserUpdateComponent', () => {
     })
     accountService.hasAnyAuthority.and.returnValue(true)
     fixture.detectChanges()
-    component.save()
+    component.saveMfa()
     const twoFactorAuthenticationCheckbox = fixture.debugElement.query(By.css('#field_twoFactorAuthentication'))
     expect(twoFactorAuthenticationCheckbox).toBeTruthy()
     expect(accountService.disableMfa).toHaveBeenCalledTimes(0)
@@ -166,7 +166,7 @@ describe('UserUpdateComponent', () => {
     })
     accountService.hasAnyAuthority.and.returnValue(true)
     fixture.detectChanges()
-    component.save()
+    component.saveMfa()
     const twoFactorAuthenticationCheckbox = fixture.debugElement.query(By.css('#field_twoFactorAuthentication'))
     expect(twoFactorAuthenticationCheckbox).toBeFalsy()
     expect(accountService.disableMfa).toHaveBeenCalledTimes(0)
diff --git a/ui/src/app/user/user-update.component.ts b/ui/src/app/user/user-update.component.ts
index 7bd679d79..1913cd54f 100644
--- a/ui/src/app/user/user-update.component.ts
+++ b/ui/src/app/user/user-update.component.ts
@@ -48,13 +48,17 @@ export class UserUpdateComponent {
     salesforceId: new FormControl<string | null>(null, Validators.required),
     activated: new FormControl<boolean | null>(null),
     isAdmin: new FormControl<boolean | null>(null),
-    twoFactorAuthentication: new FormControl<boolean | null>(null),
     createdBy: new FormControl<string | null>(null),
     createdDate: new FormControl<string | null>(null),
     lastModifiedBy: new FormControl<string | null>(null),
     lastModifiedDate: new FormControl<string | null>(null),
   })
 
+  mfaForm = this.fb.group({
+    id: new FormControl<string | null>(null),
+    twoFactorAuthentication: new FormControl<boolean | null>(null),
+  })
+
   memberList = [] as IMember[]
   hasOwner = false
 
@@ -89,6 +93,7 @@ export class UserUpdateComponent {
         this.editForm.enable()
         if (this.existentUser) {
           this.updateForm(this.existentUser)
+          this.updateMfaForm(this.existentUser)
         }
       })
     })
@@ -115,6 +120,12 @@ export class UserUpdateComponent {
     this.editForm.get('salesforceId')?.valueChanges.subscribe((val) => (this.isSaving = false))
     this.editForm.get('mainContact')?.valueChanges.subscribe((val) => (this.isSaving = false))
     this.editForm.get('assertionServiceEnabled')?.valueChanges.subscribe((val) => (this.isSaving = false))
+
+    // MFA
+    this.mfaForm.get('twoFactorAuthentication')?.valueChanges.subscribe((val) => {
+      this.isSaving = false
+      if (val != null) this.disableMfa = !val
+    })
   }
 
   updateForm(user: IUser) {
@@ -127,7 +138,6 @@ export class UserUpdateComponent {
       salesforceId: user.salesforceId,
       activated: user.activated,
       isAdmin: user.isAdmin,
-      twoFactorAuthentication: user.mfaEnabled,
       createdBy: user.createdBy,
       createdDate: user.createdDate != null ? user.createdDate.format(DATE_TIME_FORMAT) : null,
       lastModifiedBy: user.lastModifiedBy,
@@ -147,6 +157,13 @@ export class UserUpdateComponent {
     }
   }
 
+  updateMfaForm(user: IUser) {
+    this.mfaForm.patchValue({
+      id: user.id,
+      twoFactorAuthentication: user.mfaEnabled,
+    })
+  }
+
   getMemberList(): Observable<IMember[]> {
     if (this.hasRoleAdmin()) {
       return this.memberService.getAllMembers().pipe(
@@ -234,8 +251,22 @@ export class UserUpdateComponent {
     }
   }
 
-  toggleMfa() {
-    this.disableMfa = !this.editForm.get('twoFactorAuthentication')?.value
+  saveMfa() {
+    if (this.mfaForm.valid) {
+      this.isSaving = true
+      const userFromForm = this.createFromForm()
+      this.userService.validate(userFromForm).subscribe((response) => {
+        const data = response
+        if (data.valid) {
+          if (userFromForm != null && this.hasRoleAdmin() && this.disableMfa && userFromForm.id) {
+            this.subscribeToUpdateResponse(this.accountService.disableMfa(userFromForm.id))
+          }
+        } else {
+          this.isSaving = false
+          this.validation = data
+        }
+      })
+    }
   }
 
   save() {
@@ -246,9 +277,6 @@ export class UserUpdateComponent {
         const data = response
         if (data.valid) {
           if (userFromForm.id !== null) {
-            if (this.hasRoleAdmin() && this.disableMfa && userFromForm.id) {
-              this.accountService.disableMfa(userFromForm.id).subscribe()
-            }
             if (this.currentAccount.id === userFromForm.id) {
               // ownership change functions redirect to homepage instead of redirecting to users list
               // as users who lose org owner status shouldn't have access to the users list
@@ -308,7 +336,6 @@ export class UserUpdateComponent {
       mainContact: this.editForm.get(['mainContact'])?.value || false,
       isAdmin: this.editForm.get(['isAdmin'])?.value || false,
       salesforceId: this.editForm.get(['salesforceId'])?.value || null,
-      mfaEnabled: this.editForm.get(['twoFactorAuthentication'])?.value || false,
       createdBy: this.editForm.get(['createdBy'])?.value || null,
       createdDate:
         this.editForm.get(['createdDate'])?.value != null
@@ -328,7 +355,7 @@ export class UserUpdateComponent {
     })
   }
 
-  protected subscribeToUpdateResponse(result: Observable<IUser>) {
+  protected subscribeToUpdateResponse(result: Observable<IUser | boolean>) {
     result.subscribe({
       next: () => this.onUpdateSuccess(),
     })