Not necessarily. While it is strongly recommended that all SSO users use two-factor authentication every time they log in to SSO, it is very easy to limit two-factor logins.
When providing your second authecntication factor, simply check the “Remember this device” box before clicking “Log in >”:
Thereafter, you will not have to supply your second factor on the current machine until the grace period has expired.
Please note that while this feature is enabled, you will not have the option to manage your devices from this computer. However, it is possible to manage your devices by logging in from a different computer or a different browser where this feature isn’t enabled. (It is also possible to override this feature by deleting the browser’s cookies or opening a ‘private’ or ‘incognito’ browser session before logging in to SSO.)