Update Configs & Servers/Linux/privacyIDEA.md

Configs & Servers/Linux/privacyIDEA.md

@@ -104,10 +104,32 @@ You will need to create several policies, you can make them all individual, or m
 - **Scope**: `Authentication` > "**push_allow_polling**" = `allow`
 
 ## Enrolling the First Token
+!!! bug "Push Notifications Broken"
+    Currently, the push notification system (e.g. Cisco DUO") is not behaving as-expected.  For now, you can use other authentication methods for the tokens, such as HOTP (on-demand MFA codes) or TOTP (conventional time-based MFA codes).
+
+### TOTP Token
 Navigate to "**Tokens > Enroll Token**"
 
 | **Field** | **Value** |
 | :--- | :--- |
-| Token Type | `PUSH: Send a Push Notification to a Smartphone` |
+| Token Type | `TOTP` |
 | Realm | `Bunny-Lab` |
 | Username | `[256da6f8-9ddb-4ec5-9409-1a95fea27615] nicole.rappe (Nicole Rappe)` |
+
+Use any MFA authenticator app like Bitwarden or Google Authenticator to add the code and store the secret key somewhere safe.
+
+## Install Credential Provider on Endpoint
+When you want to leverage MFA in an environment using the server, you need to have a domain-joined computer running the Credential Provider, which can be found on the [Official Credential Provider Github Page](https://github.com/privacyidea/privacyidea-credential-provider/releases).
+
+- Download the MSI
+- Run the installer on the computer
+- Click "**Next**"
+- Check the "**Agree**" checkbox, then click "**Next**"
+- Hostname: `auth.bunny-lab.io`
+- Path: `/path/to/pi` 
+- [x] Ignore Unknown CA Errors when Using SSL
+- [x] Ignore Invalid Common Name Errors when Using SSL
+- Click "**Next**" > "**Next**" > "**Next**"
+- Click "**Install**" then "**Finish**"
+
+You can now log out and verify that the credential provider is displayed as an option, and can log in using your domain username, domain password, and TOTP that you configured in the privacyIDEA WebUI.