Hey there @sarah1!
What is your current set up? Are you using refresh tokens or standard silent auth? I’ve just tested using refresh tokens and our react sdk - Users are not required to challenge mfa again on token refresh. This typically happens (speaking to refresh token exchange in particular) when there is a rule/action enforcing mfa.
The more detail you can provide the better!