Yes, you basically configure Unified Access Gateway (formerly called Access Point) just for RADIUS authentication (radius-auth and sp-auth). The user is prompted for their passcode (which in your case is initially the AD password) and this is then sent to the RADIUS server for validation and for it then to generate the code sent via SMS. The next prompt is for this code which is handled as a RADIUS challenge. Both of these steps happen within the RADIUS authentication part even though the user enters their AD password initially. This is because the RADIUS server requires the password first.

After this, there is an option in UAG to use the same password for the subsequent prompt required by Horizon Connection Server as part of sp-auth (server pass-through authentication). This means the user isn't then prompted a second time for their password.