If you're using IIS, it would probably be best to use it to handle authentication and pass the token to osTicket; you would need to write some glue code to handle the authentication however. An external authentication plugin would be a good place to start. Or, just recently with 1.15.x the 2FA framework was finalized and Email 2FA is included by default, so you might see about creating a 2FA authentication plugin for smartcards.