Right now, it's only possible using a maintenance script called disableOATHAuthForUser.php which requires production access which is not scaleable and it's one of the reasons preventing from allowing role out of 2FA for everyone.
Related Gerrit Patches:
|mediawiki/extensions/OATHAuth : master||Add SpecialDisableOATHForUser|
|operations/mediawiki-config : master||Don't allow sysop users to disable 2FA for other users|
|Open||None||T100375 Improve user experience of Two-Factor process|
|Open||None||T166622 Allow all users on all wikis to use OATHAuth|
|Stalled||None||T180896 Allow functionaries to reset second factor on low-risk accounts|
|Resolved||Ladsgroup||T195207 Special page to disable OATH for other users|