there is multitude of possible solutions.
As a base for your research (if you are not going to contact our sales engineers [SE], who are half sales mans and half technicians) might be this documentation:
Basically you can have hardware or mobile tokens in FortiGate, assigned to locally made users who are remote type and so their password is verified against mentioned RADIUS server.
Another possibility, depending on your budget, is to use FortiAuthenticator as centralized authentication/authorization point. Handling all the tokens and either having users locally or again proxying their authentication to some backend servers like mentioned RADIUS, or Active Directory, LDAP, Azure, SAML .. whatever.
Third possibility I see is to use FortiToken Cloud tokens and manage them via web UI.
General overview of our access management options is here:
Tom xSilver, planet Earth, over and out!