Last tested: Jan 18, 2018
Two-factor authentication in Looker only impacts email-password logins. It does not have an effect on authentication via LDAP, SAML, or Google Auth credentials. For instance, if Google Auth is enabled, 2fa would not be applied. However, for anyone using the alternate login screen to log in, the 2fa would apply for them as that is always email/password.
If a user does not have a role with login_special_email, then the option to reset their 2FA won't appear when that user is edited.