What is the exact process the user is taking?
Are they logging into RDweb and then opening Desktop collection, or do they just have an RDP client link on their desktop?
It sounds like they are opening the RDP client link on their desktop, accepting MFA for connection to Remote Desktop Gateway and then having to login to the Remote Desktop Server. This can be solved by ticking the box: Use my RD Gateway credentials for the remote computer under advanced settings in the RDP client.