I forgot to mention that you need to toggle MFA to Never in the Security → Multi-Factor Auth settings in your dashboard. This should allow an initial login without enforcing MFA while requiring it for all subsequent logins.
This is a similar pattern to enabling MFA for a subset of users: