There’s not a FreePBX module for it but there is at least one DIY method which probably has some pitfalls.
You can set FreePBX to authenticate using Apache and then set the user permissions with FreePBX. This is done in Advanced Settings -> Authorization Type = webserver.
Then in Apache, you can set up whatever authn module you want. If you use Office365 or GSuite with 2FA, you can auth against those using the mod_auth_openidc module. I have used this for other web server applications and can vouch for it, but have never used it directly with FreePBX. Warning, the setup is a lot of work (at least it felt like a lot to me).
When you have set up authn like that and protect a web directory with it, you are first sent to the auth provider (MS, Google, or wherever) and once you have successfully authenticated, the web server passes your username on to FreePBX, so that username has to exist in the administrators table and have permissions.
I think that would work fine for admin. I don’t think UCP ties into that in any way; I believe UCP exclusively uses the FreePBX database for both authentication and authorization.