This is a reference from MFA white paper - Each site in the hierarchy provides users and administrators a login point to the hierarchy. Based on the specific permissions configured per site, the users and administrators logging in will have access to the site they logged in to and sites below it in the hierarchy that they have permissions for.
Please read these documents explained MFA -
https://content.milestonesys.com/?mediaId=FFB36921-62BA-4506-BC36E0E82774CE16
However, this question doesn’t seem like developer question. As this is not related to software development with the MIP SDK, which is the focus of this forum, please ask again in the support community, you should get better help from the partners using the support community.