diff --git a/apps/admin_audit/lib/AppInfo/Application.php b/apps/admin_audit/lib/AppInfo/Application.php
index 077cc4c47ad..78299fbcba6 100644
--- a/apps/admin_audit/lib/AppInfo/Application.php
+++ b/apps/admin_audit/lib/AppInfo/Application.php
@@ -39,6 +39,8 @@ use OCP\AppFramework\Bootstrap\IRegistrationContext;
 use OCP\Authentication\Events\AnyLoginFailedEvent;
 use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengeFailed;
 use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengePassed;
+use OCP\Authentication\TwoFactorAuth\TwoFactorProviderForUserRegistered;
+use OCP\Authentication\TwoFactorAuth\TwoFactorProviderForUserUnregistered;
 use OCP\Console\ConsoleEvent;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\Files\Cache\CacheEntryInsertedEvent;
@@ -118,6 +120,8 @@ class Application extends App implements IBootstrap {
 // Security events
 $context->registerEventListener(TwoFactorProviderChallengePassed::class, SecurityEventListener::class);
 $context->registerEventListener(TwoFactorProviderChallengeFailed::class, SecurityEventListener::class);
+ $context->registerEventListener(TwoFactorProviderForUserRegistered::class, SecurityEventListener::class);
+ $context->registerEventListener(TwoFactorProviderForUserUnregistered::class, SecurityEventListener::class);
 // App management events
 $context->registerEventListener(AppEnableEvent::class, AppManagementEventListener::class);
diff --git a/apps/admin_audit/lib/Listener/SecurityEventListener.php b/apps/admin_audit/lib/Listener/SecurityEventListener.php
index 17253aa384c..e4b2f35eabb 100644
--- a/apps/admin_audit/lib/Listener/SecurityEventListener.php
+++ b/apps/admin_audit/lib/Listener/SecurityEventListener.php
@@ -12,11 +12,13 @@ namespace OCA\AdminAudit\Listener;
 use OCA\AdminAudit\Actions\Action;
 use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengeFailed;
 use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengePassed;
+use OCP\Authentication\TwoFactorAuth\TwoFactorProviderForUserRegistered;
+use OCP\Authentication\TwoFactorAuth\TwoFactorProviderForUserUnregistered;
 use OCP\EventDispatcher\Event;
 use OCP\EventDispatcher\IEventListener;
 /**
- * @template-implements IEventListener
+ * @template-implements IEventListener
 */
 class SecurityEventListener extends Action implements IEventListener {
 public function handle(Event $event): void {
@@ -24,6 +26,10 @@ class SecurityEventListener extends Action implements IEventListener {
 $this->twoFactorProviderChallengePassed($event);
 } elseif ($event instanceof TwoFactorProviderChallengeFailed) {
 $this->twoFactorProviderChallengeFailed($event);
+ } elseif ($event instanceof TwoFactorProviderForUserRegistered) {
+ $this->twoFactorProviderForUserRegistered($event);
+ } elseif ($event instanceof TwoFactorProviderForUserUnregistered) {
+ $this->twoFactorProviderForUserUnregistered($event);
 }
 }
@@ -58,4 +64,36 @@ class SecurityEventListener extends Action implements IEventListener {
 ]
 );
 }
+
+ private function twoFactorProviderForUserRegistered(TwoFactorProviderForUserRegistered $event): void {
+ $this->log(
+ 'Two factor provider %s enabled for user %s (%s)',
+ [
+ 'provider' => $event->getProvider()->getDisplayName(),
+ 'uid' => $event->getUser()->getUID(),
+ 'displayName' => $event->getUser()->getDisplayName()
+ ],
+ [
+ 'provider',
+ 'uid',
+ 'displayName',
+ ]
+ );
+ }
+
+ private function twoFactorProviderForUserUnregistered(TwoFactorProviderForUserUnregistered $event): void {
+ $this->log(
+ 'Two factor provider %s disabled for user %s (%s)',
+ [
+ 'provider' => $event->getProvider()->getDisplayName(),
+ 'uid' => $event->getUser()->getUID(),
+ 'displayName' => $event->getUser()->getDisplayName()
+ ],
+ [
+ 'provider',
+ 'uid',
+ 'displayName',
+ ]
+ );
+ }
 }
diff --git a/apps/admin_audit/tests/Listener/SecurityEventListenerTest.php b/apps/admin_audit/tests/Listener/SecurityEventListenerTest.php
index 48230108530..803d29abd05 100644
--- a/apps/admin_audit/tests/Listener/SecurityEventListenerTest.php
+++ b/apps/admin_audit/tests/Listener/SecurityEventListenerTest.php
@@ -14,6 +14,8 @@ use OCA\AdminAudit\Listener\SecurityEventListener;
 use OCP\Authentication\TwoFactorAuth\IProvider;
 use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengeFailed;
 use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengePassed;
+use OCP\Authentication\TwoFactorAuth\TwoFactorProviderForUserRegistered;
+use OCP\Authentication\TwoFactorAuth\TwoFactorProviderForUserUnregistered;
 use OCP\IUser;
 use PHPUnit\Framework\MockObject\MockObject;
 use Test\TestCase;
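Review bot: The element order passed to `$this->log()` in twoFactorProviderForUserRegistered() and twoFactorProviderForUserUnregistered() does not appear to match the strings the new tests in SecurityEventListenerTest.php expect. The third argument lists `'provider', 'uid', 'displayName'`, so if Action::log() (outside this diff) fills the `%s` slots in that order, the entry reads `user <uid> (<displayName>)`, while the tests assert `user mydisplayname (myuid)`. Assuming the test fixture returns `myuid` from getUID() and `mydisplayname` from getDisplayName(), either reorder the list to `'provider', 'displayName', 'uid'` in both methods or swap the expected strings, choosing whichever matches the existing challenge passed/failed messages. The position matters for an audit trail of 2FA enrolment changes, because log parsers and alert rules will key on the uid, while the display name can typically be changed by the user.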
@@ -62,4 +64,26 @@ class SecurityEventListenerTest extends TestCase {
 $this->security->handle(new TwoFactorProviderChallengePassed($this->user, $this->provider));
 }
+
+ public function testTwofactorRegistered(): void {
+ $this->logger->expects($this->once())
+ ->method('info')
+ ->with(
+ $this->equalTo('Two factor provider myprovider enabled for user mydisplayname (myuid)'),
+ ['app' => 'admin_audit']
+ );
+
+ $this->security->handle(new TwoFactorProviderForUserRegistered($this->user, $this->provider));
+ }
+
+ public function testTwofactorUnregistered(): void {
+ $this->logger->expects($this->once())
+ ->method('info')
+ ->with(
+ $this->equalTo('Two factor provider myprovider disabled for user mydisplayname (myuid)'),
+ ['app' => 'admin_audit']
+ );
+
+ $this->security->handle(new TwoFactorProviderForUserUnregistered($this->user, $this->provider));
+ }
 }