Administrator can activate the Two-Factor Authentication, by going to the User Manager, edit a User and go to the Two-Factor Authentication Tab.
If the plugin is activated for frontend as well, then each of your users will be able to setup his own SMS 2fa by editing his/her profile in front end.
Insert the mobile phone to corresponding field
Press button 'Send OTP' to send the one time password via SMS to the defined phone number.
Write the code you received on the phone in corresponding field. Then click on Save & Close.
Now, your site access is protected by Two-Factor Authentication. Log out from your backend, you’ll see that instead of asking for the username and password only, Joomla! is asking for a secret key. The Secret Key is the six digit password you can get on your phone via SMS message. The same applies for front end if you activated it.