Within the AA Enrollment Portal (even as recent as 18.104.22.168), if you scan the QR code for TOTP method using Google Authenticator (which is officially supported by AA), this results in a Google Authenticator profile named "Netiq(Netiq)"
This is bad for many reasons:
1) We don't want to advertise to our customers and suppliers our internal technology platforms. For both security reasons and branding reasons.
2) They won't necessarily remember "Netiq(Netiq)" has anything to do with our company, if they have lots of Google Authenticator registrations, leading to future confusion if they don't interact with us regularly. "Hey customer, we're company XYZ, but whenever you try to find our entry in your Google Authenticator, be sure to look for... Netiq(Netiq)?" Ugh, embarrassing!
3) AA is lamely duplicating the "Netiq" string twice, once as the Service name and once again as the Account name. The dozen or so other Google Authenticator registrations I have from all sorts of other companies show meaningful service names followed by (actual username).
To resolve, AA's TOTP method's Admin Console configuration should allow administrators to declare the values used, including:
1) Service/Company Name
2) Account Name
This will allow professional and intuitive Google Authenticator entries: MyCompany(YourUsername)