New users are having trouble completing the setup. They often check "primary" for TOP, but do not check "enabled."

When this happens, 2FA is not enabled, and they have a useless barcode in their authenticator app, which they have to remove.

It would be helpful if, upon form submission, when TOTP is checked as primary and a valid code is entered, then TOTP gets enabled.