diff --git a/tfa_rules.module b/tfa_rules.module
index e5d7491..c3509c4 100644
--- a/tfa_rules.module
+++ b/tfa_rules.module
@@ -18,6 +18,15 @@ function tfa_rules_rules_condition_info() {
       'access callback' => 'rules_user_integration_access',
       'base' => 'tfa_rules_condition_user_has_tfa',
     ),
+    'tfa_rules_user_has_setup_tfa_permission' => array(
+      'label' => t('User has Set up TFA permission'),
+      'parameter' => array(
+        'account' => array('type' => 'user', 'label' => t('User')),
+      ),
+      'group' => t('User'),
+      'access callback' => 'rules_user_integration_access',
+      'base' => 'tfa_rules_condition_user_has_setup_tfa_permission',
+      ),
   );
 }
 
@@ -30,3 +39,10 @@ function tfa_rules_condition_user_has_tfa($account) {
 
   return $status;
 }
+
+/**
+ * Condition: User has Set up TFA permission.
+ */
+function tfa_rules_condition_user_has_setup_tfa_permission($account) {
+  return user_access('setup own tfa', $account);
+}
diff --git a/tfa_rules.rules_defaults.inc b/tfa_rules.rules_defaults.inc
index f5b99ce..f042bef 100644
--- a/tfa_rules.rules_defaults.inc
+++ b/tfa_rules.rules_defaults.inc
@@ -16,7 +16,10 @@ function tfa_rules_default_rules_configuration() {
     "OWNER" : "rules",
     "REQUIRES" : [ "tfa_rules", "rules" ],
     "ON" : { "user_login" : [] },
-    "IF" : [ { "NOT tfa_rules_user_has_tfa" : { "account" : [ "account" ] } } ],
+    "IF" : [
+      { "NOT tfa_rules_user_has_tfa" : { "account" : [ "account" ] } },
+      { "tfa_rules_user_has_setup_tfa_permission" : { "account" : [ "account" ] } }
+    ],
     "DO" : [
       { "drupal_message" : {
           "message" : "Two-factor authentication (TFA) is strongly recommended; please configure your account security.",