diff --git a/lib/private/Authentication/TwoFactorAuth/Manager.php b/lib/private/Authentication/TwoFactorAuth/Manager.php
index ff0c33445a2ad..18f9c3d48bf46 100644
--- a/lib/private/Authentication/TwoFactorAuth/Manager.php
+++ b/lib/private/Authentication/TwoFactorAuth/Manager.php
@@ -52,6 +52,7 @@ class Manager {
 public const SESSION_UID_KEY = 'two_factor_auth_uid';
 public const SESSION_UID_DONE = 'two_factor_auth_passed';
+ public const SESSION_UID_CONFIGURING = 'two_factor_auth_configuring';
 public const REMEMBER_LOGIN = 'two_factor_remember_login';
 public const BACKUP_CODES_PROVIDER_ID = 'backup_codes';
@@ -262,6 +263,7 @@ public function verifyChallenge(string $providerId, IUser $user, string $challen
 $this->session->remove(self::SESSION_UID_KEY);
 $this->session->remove(self::REMEMBER_LOGIN);
 $this->session->set(self::SESSION_UID_DONE, $user->getUID());
+ $this->session->remove(self::SESSION_UID_CONFIGURING);
 // Clear token from db
 $sessionId = $this->session->getId();
@@ -342,7 +344,7 @@ public function needsSecondFactor(IUser $user = null): bool {
 $tokensNeeding2FA = $this->config->getUserKeys($user->getUID(), 'login_token_2fa');
 if (!\in_array((string) $tokenId, $tokensNeeding2FA, true)) {
- $this->session->set(self::SESSION_UID_DONE, $user->getUID());
+ $this->session->set(self::SESSION_UID_CONFIGURING, $user->getUID());
 return false;
 }
 } catch (InvalidTokenException|SessionNotAvailableException $e) {
diff --git a/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php b/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php
index 7647e3bda7df1..ce324cc7ac55d 100644
--- a/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php
+++ b/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php
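Review bot: The new SESSION_UID_CONFIGURING constant becomes a third session state next to SESSION_UID_KEY and SESSION_UID_DONE, but nothing on the class says how the three relate, which matters now that needsSecondFactor() writes it and verifyChallenge() clears it. A short docblock above the constant would make the state explicit, e.g. `/** Session key set by needsSecondFactor() when the login token is not listed in login_token_2fa (presumably the user is still setting 2FA up); cleared by verifyChallenge() on success and never equivalent to SESSION_UID_DONE. */`. The two neighbouring constants in the context lines are undocumented as well and would benefit from the same treatment.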
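Review bot: The branch that now writes SESSION_UID_CONFIGURING still returns false, so from the caller's point of view this hunk only changes which session key is set; whether a session flagged as configuring is actually restricted depends on whatever reads the new key, and nothing in this diff reads it, so that consumer should be confirmed (or added) before the distinction is relied on. The old code marked this path as SESSION_UID_DONE, i.e. indistinguishable from a passed challenge, so the new key is the right direction, but the branch deserves a why-comment such as `// token not listed in login_token_2fa yet: skip the challenge, but flag the session as still configuring rather than as passed`. Note also that the only visible place clearing a stale SESSION_UID_CONFIGURING is the success path of verifyChallenge(); the catch branch and the remainder of needsSecondFactor() continue outside the hunk, so I cannot see whether a later successful check clears it too.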
@@ -369,11 +369,12 @@ public function testVerifyChallenge() {
 ->method('get')
 ->with('two_factor_remember_login')
 ->willReturn(false);
- $this->session->expects($this->exactly(2))
+ $this->session->expects($this->exactly(3))
 ->method('remove')
 ->withConsecutive(
 ['two_factor_auth_uid'],
- ['two_factor_remember_login']
+ ['two_factor_remember_login'],
+ ['two_factor_auth_configuring']
 );
 $this->session->expects($this->once())
 ->method('set')
@@ -640,7 +641,7 @@ public function testNeedsSecondFactorSessionAuth() {
 $this->assertFalse($this->manager->needsSecondFactor($user));
 }
- public function testNeedsSecondFactorSessionAuthFailDBPass() {
+ public function testNeedsSecondFactorWhileConfiguring() {
 $user = $this->createMock(IUser::class);
 $user->method('getUID')
 ->willReturn('user');
@@ -664,10 +665,12 @@ public function testNeedsSecondFactorSessionAuthFailDBPass() {
 '42', '43', '44'
 ]);
+ // the user is still configuring 2FA with token 40
 $this->session->expects($this->once())
 ->method('set')
- ->with(Manager::SESSION_UID_DONE, 'user');
+ ->with(Manager::SESSION_UID_CONFIGURING, 'user');
+ // 2FA should not be required if configuration is not complete
 $this->assertFalse($this->manager->needsSecondFactor($user));
 }