Implementing One Identity Defender to Identity Manager

Hello everybody,

I am trying to implement two-factor authentication by using One Identity Defender to ITShop and AppServer portals and then later to Manager and Designer apps. 

For the web portals, I tried using the ISAPI Agent that One Identity provides. It works, but I want the user to authenticate first and then be offered to type in OTP (if he is using two-factor, otherwise just login). So ISAPI Agent is not really what I am looking for. Are there any other approaches? 

What about the apps?

Thank you for your answers,