The new release 2.5 of the privacyIDEA ownCloud app allows the administrator to define which client should require 2FA and which is ok with only a password. This is based on the IP address of the clients.
This way e.g. users would not need a second factor when accessing ownCloud from the LAN, while they would need to provide a second factor when they want to access their critical data over the internet.
I will give a talk about the privacyIDEA ownCloud App at FOSDEM this sunday.