Use case we are discussing here is, a MFA enabled user is not redirecting to "validate_multifactor_auth_code.do" page after successful enrolment of  a MFA device. Instead the page is taking to welcome.do

To diagnose the issue, use the developer tool of the browser and follow the transaction. Here in this case, we could see after the user enters the credentials, page "login.do" "validate_multifactor_auth_code.do" is getting a response of 302 followed by welcome.do with a status of 200

Login.do

validate_multifactor_auth_code.do

Welcome.do

Hence this clear that page is finally landing to welcome.do

This can be any customisations at the instance level like UI pages, global UI script. If there is no Portal/CMS pages involved you can check with Installation exits

Check for installation exits like Login and see if there is any redirections happening.

Examples:

loginFailed : function() {
// redirect back to welcome page if login failed
gs.setRedirect('welcome.do');

Reverting this should fix the issue and you can check the response status of "validate_multifactor_auth_code.do" as 200 afterwards.