Hello @Yazar ,
Welcome to Fortinet community and Thank you for your post. Hopefully, you've been keeping safe and doing well!
For sure you can create local group on the firewall. When it comes to MFA it depends on what kind you use, If it is a third party product then we will need to check for the specific configuration. Regarding the 3rd point I was not able to understand, is it third party email/sms for sending the token/One time password ? Please provide us more info on this.
Hope to hear from you soon.