Basically you can have hardware or mobile tokens in FortiGate, assigned to locally made users who are remote type, so their password is verified against the mentioned RADIUS server.
Another possibility, depending on your budget, is to use FortiAuthenticator as a centralized authentication/authorization point, handling all the tokens and either having users locally or again proxying their authentication to some backend servers like the mentioned RADIUS, or Active Directory, LDAP, Azure, SAML ... whatever.
A third possibility I see is to use FortiToken Cloud tokens and manage them via the web UI.
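A sketch of the first option in FortiOS CLI, added here as an illustration and not part of the original reply. The server name `corp-radius`, the address, the user `jdoe`, the group `vpn-2fa` and the token serial are constructed placeholders, and the serial must match a token already registered on the FortiGate.

```fortios
# RADIUS server that verifies the password (first factor)
config user radius
    edit "corp-radius"
        set server "192.0.2.10"
        set secret <shared-secret>
    next
end

# Local user entry of remote (RADIUS) type: no password is stored on the
# FortiGate; the token assigned here supplies the second factor
config user local
    edit "jdoe"
        set type radius
        set radius-server "corp-radius"
        set two-factor fortitoken
        set fortitoken "FTKMOB0000000000"
        set email-to "jdoe@example.com"
    next
end

# Reference this group in the VPN or firewall policy. Do not also add
# "corp-radius" itself as a group member, or accounts without a local
# entry and token could authenticate with the password alone.
config user group
    edit "vpn-2fa"
        set member "jdoe"
    next
end
```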