Not necessarily. While it is strongly recommended that all SSO users use two factor authentication every time they log in to SSO, it is very easy to limit two factor logins.
When providing your second authentication factor, simply check the “Trust browser” box in Duo before responding to the Duo prompt on your two factor device:
Thereafter, you will not have to supply your second factor on the current machine until the grace period has expired. Currently that setting is 5 days.
If you use another computer to access SSO, you will have to repeat this process.
Never click ‘Trust browser’ on a shared computer, such as at the library or in a computer lab.