Preparing for an upgrade of our Horizon 7.6/UAG 3.3 environment to 7.10/UAG 3.7 and was testing the powershell deployments of the new 3.7 UAG. Noticed I couldn't get SecurID auth to work with the new deployment. Used the same exact ini file as previously just changed the source file to point to the new ova. Long story short it turns out something happened with version 3.5 and up where you're unable to select the + sign in the admin UI to select a second form of authentication, in my case I want securid-auth && sp-auth. I find it hard to believe that no one has reported this for the past 3 versions of UAG? I opened a ticket with GSS with screenshots pointing out my issue but I know markbenson is active on this forum and I'm hoping he could shed some light or provide some help.
Apparently the documentation and UI hints are incorrect. Just choosing SecurID as the auth method is enough to have the securid prompt first for passcode and then the AD auth prompt second. Also using authmethods=securid-auth in the ini file configures it the same and it behaves the same when logging in.