Setting up primary/secondary auths for controller

Hi looking at docs , I see it is possible to setup cert/jwt authentication as primary and then maybe have an MFA on top of it .

Where can I find the guide to achieve this
Please do point thanks

Yes. NetFoundry has this configuration in place for our chat app. You want to implement a posture check for TOTP

Were to execute those api's ? Since I'm not using sdk

Posture Checks | OpenZiti shows you ziti cli commands which should get you what you need