Welcome to Fortinet community and Thank you for your post. Hopefully, you've been keeping safe and doing well!
For sure you can create local group on the firewall. When it comes to MFA it depends on what kind you use, If it is a third party product then we will need to check for the specific configuration. Regarding the 3rd point I was not able to understand, is it third party email/sms for sending the token/One time password ? Please provide us more info on this.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.