You will have to disable the user 2fa configuration to be able to recover the credentials for the user. To disable 2fa authentication for a user account, first, ensure 2fa authentication is not mandatory for the user enterprise. Then, execute the query below replacing IDUSER with the corresponding value:
update credential set secret = null, scratch_codes = null, totp_provider = null where idUser = IDUSER;
If for some reason you can't disable 2fa for the enterprise, the previous query will cause Abiquo to force the 2fa setup process on the next login. Tell your user to delete the Google authenticator configured account from their device and configure it again.