Can MFA be required only on the first login of the day and not after a session timeout?


No. MFA authentication in Aeries is tied to the active session. When a session ends due to logout or an inactivity timeout, the session terminates and the associated MFA token clears. Signing in again is treated as a new session, which requires MFA verification. MFA verification is required each time a new session is established, including after a session timeout.