Configuring LTM access so it uses 2-factor Authn

11.6.0 Release Note has some additional details:

Enhanced system authentication methods for LTM BIG-IP

Utilizing APM, this release provides enhanced LTM System Authentication for the different methods: LDAP, RADIUS, Local User, TACACS+ to deliver a richer set of options such as AAA, fail-back, and dual-authentication.

https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-ltm-11-6-0.htmlrn_new

I have not tried it directly but it seems like you can select the option "Remote - APM based" in the User Directory option of the authentication tab and then point the authentication against an APM access policy end point. So the 2FA will need that your device is licensed for APM