You can add the following rule to accomplish it.
function requireMfaOncePerSession(user, context, callback) {
let authMethods = ;
if (context.authentication && Array.isArray(context.authentication.methods)) {
authMethods = context.authentication.methods;
}
const completedMfa = !!authMethods.find((method) => method.name === ‘mfa’);
if (completedMfa) {
return callback(null, user, context);
}
context.multifactor = {
provider: ‘any’,
allowRememberBrowser: false
};
callback(null, user, context);
}