When new Mac is set Set up your MacBook Pro - Apple Support a mail address is required say example1@gmail.com , use some mail services like gmail , yahoo ...etc , create a web mail account with gmail services and keep web mail address and its password same as Apple ID and password and sign in with Mac system preferences .
And iCloud is set up in Mac Set up iCloud on your Mac - Apple Support
For secondary authentication account a new Apple ID is created How to create a new Apple ID - Apple Support three security answers for respective questions are added About Apple ID security questions - Apple Support also primary apple address and its password that should be totally different than rescue mail address , date of birth Update the birth date associated with your Apple ID - Apple Support rescue mail address https://support.apple.com/en-us/HT201356 is added / optional credit card details are also added in the account .
If you are using Apple ID created with secondary authentication and in your Mac you enter in the location system preferences , click on iCloud it will prompt to enter Apple ID and password , under security section you turn on 2FA .
An immediate mail will be received in your IMAP account , and you disable the 2FA within the time period of 14 days or immediately .
Again in system preferences - iCloud under keychain an error will be shown waiting for approval from other device having an exclamation mark .
And if you want to remove this error and again set up the iCloud Keychain and then plan to use your old secondary authentication Apple ID , see these steps .
( a ) Use an I phone and sign in with same Apple ID and password that is used in your Mac .
( b ) In your I phone go to settings - iCloud - open keychain - click on advanced two options will be shown .
Reset code and reset iCloud Keychain , so click on reset iCloud Keychain .
( c ) A verification code will appear on your mobile number through sms and it will prompt to generate a code , you have to think any desired number and fill up in the field , so keychain will set up in iPhone write down this code in a safe place .
( d ) Now come to your Mac and open system preferences , click on iCloud the box of keychain is unchecked , so tap the keychain box , it will show waiting for approval click on option button it will prompt to register with passcode enter the passcode that you generated in your iPhone and click on confirm .
( e ) Again in your iPhone device a pop up will appear showing approve or deny for your name and your Mac name say Mac book air or what ever Mac you are using and stating allow to approve for keychain , so click on allow .
( f ) So the waiting for approval from other device will be vanished .
( g ) In your Mac again click on option button in front of keychain , it will prompt to enter your trusted number an sms will come to your mobile having a verification code in it , so enter it your trusted mobile will be saved and visible .
Now , your iCloud keychain is set up from the server end and the Apple ID you are using is set with secondary authentication ( in which questions and answers for Apple ID are created ) and your 2FA is turned off .
Note : Suppose you have not followed this method for removing an error waiting for approval from other device and you think that erasing the hard drive and reinstalling the os or performing an archive installation , it will not help as this is the issue of iCloud Keychain from server end and not from your hardware of Mac .
In case 14 days are not crossed in your Mac , convert the account into secondary authentication and sign in with same Apple ID and password on both Macs , and recover secured notes set up in iCloud keychain .