diff --git a/seahub/settings.py b/seahub/settings.py
index 94c4f936e1..9fcf9b9527 100644
--- a/seahub/settings.py
+++ b/seahub/settings.py
@@ -759,6 +759,7 @@ CLOUD_DEMO_USER = 'demo@seafile.com'
 ENABLE_TWO_FACTOR_AUTH = False
 OTP_LOGIN_URL = '/profile/two_factor_authentication/setup/'
 TWO_FACTOR_DEVICE_REMEMBER_DAYS = 90
+ENABLE_FORCE_2FA_TO_ALL_USERS = False
 
 # Enable personal wiki, group wiki
 ENABLE_WIKI = True
diff --git a/seahub/two_factor/middleware.py b/seahub/two_factor/middleware.py
index 6543e9ac9a..73b1378fff 100644
--- a/seahub/two_factor/middleware.py
+++ b/seahub/two_factor/middleware.py
@@ -9,7 +9,7 @@ from django.http import HttpResponseRedirect
 from . import DEVICE_ID_SESSION_KEY
 from .models import Device
 from seahub.options.models import UserOptions
-from seahub.settings import SITE_ROOT
+from seahub.settings import SITE_ROOT, ENABLE_FORCE_2FA_TO_ALL_USERS
 
 
 class IsVerified(object):
@@ -85,10 +85,11 @@ class ForceTwoFactorAuthMiddleware(object):
         if not self.filter_request(request):
             return None
 
-        if not UserOptions.objects.is_force_2fa(user.username):
-            return None
-
         if user.otp_device is not None:
             return None
 
-        return HttpResponseRedirect(reverse('two_factor:setup'))
+        if ENABLE_FORCE_2FA_TO_ALL_USERS or UserOptions.objects.is_force_2fa(user.username):
+            return HttpResponseRedirect(reverse('two_factor:setup'))
+
+        return None
+