FreeRADIUS and PrivacyIDEA for Cisco Anyconnect

Dear colleagues, good afternoon.
Can you advise, I have a task to implement 2FA for cisco anyconnect, the settings I make on fmc by ftd.
I plan to realize it using FreeRADIUS + PrivacyIDEA, but admittedly nowhere can not find normal instructions on how to do it and what it requires. I confess, googled, but everywhere information in bits and pieces that do not fit together well, I still poorly understand the logic of such work, that is, that the clients after entering the password to enter an additional authentication code from the application on the phone, I want to test, because I feel will have to sit for a long time for this.
I would be very grateful if someone could share links to manuals, guides and so on.

Have you read this:

and then that:

Now you have the necessary setup available.
Al the rest depends on your VPN (read their instruction) and on Freeradius where you actually only (at least) need to adapt the clients.conf.

cornelinux, thank you for your previous answer. As a result, I decided to choose PrivacyIDEA + Keycloak for my anyconnect, so I performed all operations according to these instructions:

“As a result I stopped at this point: So PrivacyIDEA is now configured to challenge the second factor for every user. The last step is to enable OpenID Connect logins in roundcubemail.”

And now I don’t understand which values I have to set on the FTD side and what I have to do additionally on the Privacy&Keycloak side, could you tell me?

What kind of references should be specified in this section ?
Identity Provider Entity ID*