We are also interested in multi-factor authentication. Does anyone know if RSA Secure ID could be used to login?
Since we use a Pin plus the Token, we consider that multi-factor (something you know plus something you have).
I don't believe ePO integrates two-factor auth natively. You could set up a reverse proxy (nginx, A10/F5, etc.) and implement two-factor on the reverse proxy itself.