CPPM supports integration with two-factor authentication solutions; for example RSA Authentication Manager. It basically uses RSA as an authentication source for use in Services and Policy. However, it may not give you what your manager mentioned "a user with credentials as well as a token based phoebe, using both to access a particular system'.
Although you can use it as an authentication source, it is really up to the application, system, or supplicant to dictate the authentication requirements. In other words, you cannot configure your wireless supplicant to ask for both username/password and username/tokencode combinations to access an 802.1X network. Some products (for example Juniper SA SSL VPN) have configurations to support multiple authentication/authorization sources.
So to answer your question, yes CPPM can integrate with two-factor solutions, however depending on the authenticating application type, it may not deliver what your security manager quoted.