Django

Authorization on a local django site for visitors from the Internet with login verification via ldap + additional verification via sms?

Good day!
I implemented SSO on the local server using the django-auth-ldap library, it works as expected, the user with his domain account goes to the site. But... thinking about expanding the functionality, I came to the conclusion that it would also be necessary to implement the entrance to the corporate site through the external Internet, using the same login and password, only plus everything you need to send an SMS with a confirmation code. What is the actual question: by what mechanisms is it possible to implement such a two-factor authorization?
When logging in via ldap to django, a user is created which actually needs to be checked (probably), but what if there was no first login from the local area, and there is no user in the django database? It turns out that I should have two login addresses, one for internal users, the second for external ones?
Thanks for the kind words))