The 2FA Bypass with Grant Access section is not very clear. The redirect must be victim@gmail.com. If the redirect is to victi.m@gmail.com, the user is a new user, and 2FA is not enabled
However, if you are signing up for a new user victi.m@gmail.com, the link must also go to victi.m@gmail.com, so it is impossible to bypass 2FA at victim@gmail.com