To allow Tokens to be used to access the FMC you will need to create a REGEX line to handle the parsing of the Principal name.
I have not covered the portion here that explains how to setup the FMC for CAC and External authentication.
You can find that in the FMC documentation either by Googling it or using the FMC's onboard documentation.
Another link you will be interested in is REGEX101. This site allows you to paste in your regex string and test if it will work.

1. Login to the FMC via CLI
2. Enter "expert" mode
3. Enter "sudo su <password>"
4. Create or modify a file in /etc/sf/"cac.conf" is the name of ours
5. Enter the below information. The section containing "c[it][rv](.)[sn]a" is what your User Principal name ends with.
Should your tokens not end with civ.sa, civ.na, ctr.sa or ctr.na then you will have to modify these sections to get a match.
cac_env_var=SSL_CLIENT_SAN_OTHER_msUPN_0
cac_user_name_template=((\w{1,10}((.)c[it][rv](.)[sn]a)))
6. Once you have finished creating the file exit and set the permissions on the file as required. A good setting is rw-r--r--.