diff --git a/rhodecode/apps/_base/__init__.py b/rhodecode/apps/_base/__init__.py
--- a/rhodecode/apps/_base/__init__.py
+++ b/rhodecode/apps/_base/__init__.py
@@ -182,6 +182,8 @@ class BaseAppView(object):
                 "warning",
                 ignore_duplicate=False,
             )
+            # Special case for users created "on the fly" (ldap case for new user)
+            user_obj.check_2fa_required = False
             raise HTTPFound(self.request.route_path(self.SETUP_2FA_VIEW))
 
     def _maybe_needs_2fa_check(self, view_name, user_obj):
diff --git a/rhodecode/model/db.py b/rhodecode/model/db.py
--- a/rhodecode/model/db.py
+++ b/rhodecode/model/db.py
@@ -813,7 +813,7 @@ class User(Base, BaseModel):
         Checks if 2fa was forced for current user
         """
         from rhodecode.model.settings import SettingsModel
-        if value := SettingsModel().get_setting_by_name(f'{self.extern_type}_global_2fa'):
+        if value := SettingsModel().get_setting_by_name(f'auth_{self.extern_type}_global_2fa'):
             return value.app_settings_value
         return False