I carry two phones, my Android phone (personal) and my iPhone (business). TFA is enabled on my account and I use Google Authenticator on both devices.

Recently I dropped and broke my Android phone, and had to replace it. Re-installing Authenticator was no big deal, but in order to get the QR code, I had to disable and then re-enable TFA, meaning I had to remove the DigitalOcean account from Authenticator on my iPnone - the phone I did not have to replace.

Here's how I suggest you handle it...
Generate the QR code when TFA is turned on. Then, provide a link to a page that displays the same QR code in case your customers want to set it up on additional devices. For security purposes, I think it would be wise to force the customer to re-enter their DO password even though they are already logged in at that point.