Your understanding is correct, after having setup your Auth0 account to enforce the use of MFA through Google Authenticator each end-user after having provided their credentials would be asked to enroll/setup the use of MFA for their user account. This would be a one-time procedure for each end-user.
You can read more about using Google Authenticator for MFA at:
You may be using an unsupported flow through Lock or just have it misconfigured; the automatic enroll/setup implies that user is doing authentication as part of a redirect-based flow where the user-agent can be redirected to the enrollment page. I would advise you to create a new question detailing what exactly you’re using (Lock version, options, types of connections, etc) and also any error information you may have.