users with oathauth-enable access via global groups are unable to entroll in two factor authentication
Reported on meta ( https://meta.wikimedia.org/w/index.php?title=Steward_requests%2FGlobal_permissions&type=revision&diff=18703468&oldid=18703364 )
Report says that users such as global sysops with Enable two-factor authentication (oathauth-enable) permissions globally are unable to access enrollment unless they are also a member of a local group with access on the project they are trying to use