I have it working with FTP on a test LPAR. We won't implement in production unless CA adds TSS password + Radius passcode support.
Currently, the radius passcode completely replaces the TSS password. Setup for other facilities would be similar.
Assuming you already have MFASTC setup and running...
To get it working with FTP, we used TSS MODI MFA(RADIUS(FACILITY)).
The started task acid for the FTP server then needs TSS PER(stcid) IBMFAC(IRR.RFACTOR.USER) ACCESS(READ).
Assuming FTP is the facility name, individual user acid needs TSS PER(userid) CASECMFA(TSSMFA.RAD.FTP) ACCESS(USE).
User also needs this (assuming you use RADIUS_GENERIC as factor ID) ,
TSS ADD(userid) MFACTOR(RADIUS_GENERIC) MFADATA(RADIUSNAME:user-radius-ID) MFACTIVE(FACILITY)