So, I got Juniper to confirm that they are sending two REST api calls to log you in once the cookie shows you are logged in to their security director product. They said that they MIGHT fix it in their version currently in development (17.1). As of now using the Duo Auth Proxy Radius is considered 'unsupported'.
For now, if we don't want to accept 2 pushes to our devices (or use my Yubikey or a passcode), I have to use incognito mode in Chrome such that it presents me with the Network Management (or I've since learned they refer to it as "Platform).
Just a note, we've been talking to different vendors for these web-based management platforms and they seem surprised that we want to use two factor on their products. But, the way I look at it, if we expect others to use 2FA for their daily workflows, we should use it too.