Hello,
As far as I know there is no built-in MFA inside ISIM10, be it software or Virtual Appliance. You need an external tool like IBM Security Verify Access.
However an alternate can be this ; If client has an MFA solution already implemented for , say, Active Directory or another common LDAP login, you can use OpenID Connect to SSO ISIM10. This way, when a user tries to log in to ISIM 10, SSO redirects to Active Directory and whatever MFA which is already in place, then it triggers MFA as usual.
I know this is not a direct answer or solution but that's how we handled this at a client.
Hope it helps.