From 0952725619fc90fe00df9673ed3b1dc7d23109f6 Mon Sep 17 00:00:00 2001
From: "Situ Chandra Shil (via MelvinBot)" <infra+melvinbot@expensify.com>
Date: Fri, 13 Mar 2026 14:57:50 +0000
Subject: [PATCH] Hide member-level 2FA toggle when domain 2FA is not enabled

The per-member "Force two-factor authentication" toggle on the Domain
Member details page was shown unconditionally, even when the domain
itself does not require 2FA. This was misleading because the toggle
only controls exemptions from the domain-level requirement and has
no effect when there is no such requirement.

Wrap the ToggleSettingOptionRow in a conditional that checks
domainSettings.twoFactorAuthRequired before rendering.

Co-authored-by: Situ Chandra Shil <situchan@users.noreply.github.com>
---
 .../Members/DomainMemberDetailsPage.tsx       | 44 ++++++++++---------
 1 file changed, 23 insertions(+), 21 deletions(-)

diff --git a/src/pages/domain/Members/DomainMemberDetailsPage.tsx b/src/pages/domain/Members/DomainMemberDetailsPage.tsx
index 0af37c6e8095a..7498cba366c3b 100644
--- a/src/pages/domain/Members/DomainMemberDetailsPage.tsx
+++ b/src/pages/domain/Members/DomainMemberDetailsPage.tsx
@@ -142,27 +142,29 @@ function DomainMemberDetailsPage({route}: DomainMemberDetailsPageProps) {
                     errors={getLatestError(domainErrors?.memberErrors?.[memberLogin]?.vacationDelegateErrors)}
                     onCloseError={() => clearVacationDelegateError(domainAccountID, accountID, memberLogin, vacationDelegate?.previousDelegate)}
                 />
-                <ToggleSettingOptionRow
-                    wrapperStyle={[styles.mv3, styles.ph5]}
-                    switchAccessibilityLabel={translate('domain.common.forceTwoFactorAuth')}
-                    isActive={!domainSettings?.twoFactorAuthExemptEmails?.includes(memberLogin)}
-                    onToggle={(value) => {
-                        if (!personalDetails?.login) {
-                            return;
-                        }
-
-                        if (!value && accountRequiresTwoFactorAuth) {
-                            clearValidateDomainTwoFactorCodeError();
-                            Navigation.navigate(ROUTES.DOMAIN_MEMBER_FORCE_TWO_FACTOR_AUTH.getRoute(domainAccountID, accountID));
-                        } else {
-                            setTwoFactorAuthExemptEmailForDomain(domainAccountID, accountID, domainSettings?.twoFactorAuthExemptEmails ?? [], personalDetails.login, value);
-                        }
-                    }}
-                    title={translate('domain.common.forceTwoFactorAuth')}
-                    pendingAction={domainPendingActions?.member?.[accountID]?.twoFactorAuthExemptEmails}
-                    errors={getLatestError(domainErrors?.memberErrors?.[memberLogin]?.twoFactorAuthExemptEmailsError)}
-                    onCloseError={() => clearTwoFactorAuthExemptEmailsErrors(domainAccountID, memberLogin)}
-                />
+                {!!domainSettings?.twoFactorAuthRequired && (
+                    <ToggleSettingOptionRow
+                        wrapperStyle={[styles.mv3, styles.ph5]}
+                        switchAccessibilityLabel={translate('domain.common.forceTwoFactorAuth')}
+                        isActive={!domainSettings?.twoFactorAuthExemptEmails?.includes(memberLogin)}
+                        onToggle={(value) => {
+                            if (!personalDetails?.login) {
+                                return;
+                            }
+
+                            if (!value && accountRequiresTwoFactorAuth) {
+                                clearValidateDomainTwoFactorCodeError();
+                                Navigation.navigate(ROUTES.DOMAIN_MEMBER_FORCE_TWO_FACTOR_AUTH.getRoute(domainAccountID, accountID));
+                            } else {
+                                setTwoFactorAuthExemptEmailForDomain(domainAccountID, accountID, domainSettings?.twoFactorAuthExemptEmails ?? [], personalDetails.login, value);
+                            }
+                        }}
+                        title={translate('domain.common.forceTwoFactorAuth')}
+                        pendingAction={domainPendingActions?.member?.[accountID]?.twoFactorAuthExemptEmails}
+                        errors={getLatestError(domainErrors?.memberErrors?.[memberLogin]?.twoFactorAuthExemptEmailsError)}
+                        onCloseError={() => clearTwoFactorAuthExemptEmailsErrors(domainAccountID, memberLogin)}
+                    />
+                )}
                 <View style={styles.mt6} />
                 {!!accountRequiresTwoFactorAuth && (
                     <MenuItem