I use SSO with my Nextcloud install and it has enforced MFA. In order to remove the distracting “Second Factor Configuration” warning I have to set the unneeded “Enforce 2FA” setting and also enable an app that enables 2FA.
As I’d rather not introduce extra unneeded apps and increase my potential attack surface, is there another way of removing the warning?
In this case, however, I’d say just keep the TOTP app enabled. This will downgrade the warning to an info message. If the info message is still too distracting, then check that “Enforce 2FA” box.
And yes, I know it’s best security practice to only keep enabled what you actually use, but I think additional risks will be minimal in the specific case of the TOTP app.
By the way, are absolutely all accounts on your instance managed by the SSO/Identity Provider? There aren’t any “emergency” admin accounts on your instance with passwords that still could be used to log in without SSO? If not, then fine. But otherwise, 2FA would probably still make sense.
This is a fully self-hosted deployment. All accounts that are expected to access from the globally routable network are SSO with MFA. My “emergency” account is local sudo access.
I might look at making a stub app that says it provides 2FA but has no functionality. Which would be terrible, but marginally less terrible than an irrelevant, undismissable FUD notification.