There are scenarios where a user can enter just username and token response, normally this works with the Desktop Login client, because it will cache the user's credentials and then only a token response is required.
In other instances it will normally require AD credentials, i.e., username and password, with token response.
It will also depend on how you configure the applied policy. The Configuration guide goes into detail about policies. Specifically, if you define the policy to require use "Token" followed by "None" in the Authentication methos section, then the user will be prompted for username and token response only: