How manage users with 2FA devices slightly out of sync

I administer a Gitlab EE (Core) instance for our org. We have a persistant problem with users who’s devices are 1 minute or so out of sync with the server, which causes problems with 2FA. Where I have dealt with 2FA setups before, there has been a way to change the allowed time window, or number of valid codes, to avoid these issues. Is there any similar setting available for GitLab’s 2FA implementation? Thanks.