Problem description
By default an admin account with a read role cannot enable MFA as these admins can review existing Backup Policies, Server Schedules, and DR plans, but will not be allowed to create or edit existing policies or plans.
Resolution
An Org admin account needs to log in to the CR console.
Click on the gear icon -> Select Organizational settings.
Here under members add the concerned admin account and provide him either “write” or “admin” role and click on save button the topright corner of the screen.
Once the concerned admin is promoted to “admin” role , he/she would be able to log in and can configure MFA accordingly.