AnyConnect is on the roadmap, soon you can try it on a beta release. I don't know any option at the moment where you can do MFA. Maybe if you have a NAC-solution, like ISE, where you can call another authentication system like DUO for a response.
as mentioned Anyconnect is on the roadmap currently just use your preferred radius and deploy within cisco setup?
Some docs to cover the topic