diff --git a/doc/user/compliance/audit_event_types.md b/doc/user/compliance/audit_event_types.md
index 3653d485c61aeb617a590e79dbb2c1098eab8f84..89e5f1aa7792add445f4c658c480061eae40af03 100644
--- a/doc/user/compliance/audit_event_types.md
+++ b/doc/user/compliance/audit_event_types.md
@@ -554,7 +554,7 @@ Audit event types belong to the following product categories.
 | [`update_mismatched_group_saml_extern_uid`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/104791) | Triggered when the external UID is changed on a SAML identity. | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/382256) | User |
 | [`user_access_locked`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124169) | Event triggered when user access to the instance is locked | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.2](https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/244) | User |
 | [`user_access_unlocked`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124973) | Event triggered when user access to the instance is unlocked | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [16.2](https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/244) | User |
-| [`user_disable_two_factor`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/89598) | Audit event triggered when user disables two factor authentication | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [15.1](https://gitlab.com/gitlab-org/gitlab/-/issues/238177) | User |
+| [`user_disable_two_factor`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/89598) | Audit event triggered when user disables two factor authentication | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [15.1](https://gitlab.com/gitlab-org/gitlab/-/issues/238177) | User, Group |
 | [`user_enable_admin_mode`](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/104754) | Event triggered on enabling Admin Mode | **{check-circle}** Yes | **{check-circle}** Yes | GitLab [15.7](https://gitlab.com/gitlab-org/gitlab/-/issues/362101) | User |
 
 ### Team planning
diff --git a/ee/app/services/ee/two_factor/destroy_service.rb b/ee/app/services/ee/two_factor/destroy_service.rb
index 71a0feaec58045c262ac4f2e7f33c3f253fdefec..507cf5bc24bd5c8406770a84bb4613190ad2a34d 100644
--- a/ee/app/services/ee/two_factor/destroy_service.rb
+++ b/ee/app/services/ee/two_factor/destroy_service.rb
@@ -19,7 +19,7 @@ def notify_on_success(user)
         audit_context = {
           name: 'user_disable_two_factor',
           author: current_user,
-          scope: user,
+          scope: group || user,
           target: user,
           message: 'Disabled two-factor authentication',
           created_at: DateTime.current
diff --git a/ee/config/audit_events/types/user_disable_two_factor.yml b/ee/config/audit_events/types/user_disable_two_factor.yml
index 8c856ae44fbbeecbc41418e88a6b19b6836195f4..e20788b0b8c44d464e3ca1026e41bbc3062b495d 100644
--- a/ee/config/audit_events/types/user_disable_two_factor.yml
+++ b/ee/config/audit_events/types/user_disable_two_factor.yml
@@ -7,4 +7,4 @@ milestone: '15.1'
 feature_category: system_access
 saved_to_database: true
 streamed: true
-scope: [User]
+scope: [User, Group]
diff --git a/ee/spec/services/ee/two_factor/destroy_service_spec.rb b/ee/spec/services/ee/two_factor/destroy_service_spec.rb
index 4839d1144a445d38f369a0c7d9244f987e6888a8..18f90ac8dea7f4942ae5a5019e756b062868b678 100644
--- a/ee/spec/services/ee/two_factor/destroy_service_spec.rb
+++ b/ee/spec/services/ee/two_factor/destroy_service_spec.rb
@@ -43,7 +43,7 @@
 
         expect(AuditEvent.last).to have_attributes(
           author: current_user,
-          entity_id: user.id,
+          entity_id: group.id,
           target_id: user.id,
           target_type: current_user.class.name,
           target_details: user.name,