You are right. You are forced to set up 2FA, then you log out and back in again, and only then the admin section appears under settings and you can enable/disable the apps.
Wow, I am impressed by who made that design decision.
@girish Maybe this could be added to the cloudron docs for this app as this is kind of important for using this, while it is far from obvious?