Integration with ISE, TACACS and TOTP

Hey all, appreciate the eyes and potential suggestions in advance.

I’m trying to keep extending where we can use KeyCloak. An integration that I am currently trying to solve is trying to use the TOTP authentication of KeyCloak with Cisco ISE. ISE can integrate with RFC 2865 compliant radius token implementations but I’m still doing research on what API options may exist if any. Ultimately my intent would be to have a hardware token and a network technician would use it to login to Network equipment.

Would anyone have previous work or a solution that helped provide two-factor authentication using Cisco ISE with either another Radius server that is then tied into KeyCloak? Or perhaps another view point or perspective on a different approach?