Jim:To use any two-factor auth server with AD, you can use NPS, the MS radius plugin. This page will give you an overview, but you will want to see the MS documentation for specific details: http://www.wikidsystems.com/support/wikid-support-center/h...
We have a lot of customers using WiKID with Ciscos. You can get an eval download here: http://www.wikidsystems.com/downloads. We also have some registration-free white papers here: http://www.wikidsystems.com/learn-more/two-factor-authentication-wh...
You will want to use NPS, the MS radius plugin. It will let AD do the authorization based on the username and will proxy the username and OTP to your 2FA server. We have a helpful eGuide on adding two-factor authentication to your network available...
Essentially, you want to use radius between the two - stick to the standards for authenticaiton to avoid lock-in. I don't have any docs for adding two-factor auth to the ACS, but I do have one for a VPN concentrator: http://www.wikidsystems.com/supp...
Ben:This might help you, though it is neither Cisco nor SecurID, but the principals are the same. You basically want the Cisco to use Radius to talk to the MS radius plugin NPS, formerly known as IAS. Then you want NPS/IAS to proxy the request to th...