there is Intel Use Case Reference Design for IPT used for VPN login. Unfortunately I have only little personal experience with this.\
Intel EMEA Biz Client Solution Architect
you are missing propper HW platform.
Within Intel IPT overall technology envelope - the PKI (HW cert store provider) is supported by Intel Core vPro platforms (Core i5 vPro, Core i7 vPro) ONLY.
The propper Intel NUC for this is Intel® NUC5i5MYHE.
This is the only current Core vPro model of Intel NUCs.
Your system supports IPT One Time Password and Intel Protected Transaction Display.
Unfortunately Apple decided to not build vPro platforms.
There is Intel ME FW component of vPro Platform. For vPro it has to be Enterprise FW (5/6 MB) while for consumer platforms it is basic ME FW 1,5/2 MB image that do not support IPT PKI neither vPro/AMT.
Intel IPT PKI SW does not support OS X as well.