Update Configs & Servers/Linux/privacyIDEA.md

Configs & Servers/Linux/privacyIDEA.md

@@ -3,7 +3,8 @@
 !!! info "Assumptions"
     It is assumed you have a provisioned virtual machine / physical machine, running Ubuntu Server 22.04 to deploy a privacyIDEA server.
 
-## Add Server to Inventory and Pull Inventory/Playbook Updates from Gitea
+## AWX Deployment
+### Add Server to Inventory and Pull Inventory/Playbook Updates from Gitea
 You need to target the new server using a template in AWX (preferrably).  
 
 - We will assume the FQDN of the server is `auth.bunny-lab.io` or just `auth`
@@ -11,7 +12,7 @@ You need to target the new server using a template in AWX (preferrably).
 - Update / Sync the "**Bunny-Lab**" project in AWX ([Resources > Projects > Bunny-Lab > Sync](https://awx.bunny-lab.io/#/projects/8/details))
 - Update / Sync the git.bunny-lab.io Inventory Source ([Resources > Inventories > Homelab > Sources > git.bunny-lab.io > Sync](https://awx.bunny-lab.io/#/inventories/inventory/2/sources/9/details))
 
-## Create a Template
+### Create a Template
 Next, you want to make a template to automate the deployment of privacyIDEA on any servers that are members of the `[privacyideaServers]` inventory host group.  This is useful for development / testing, as well as rapid re-deployment / scaling.
 
 - Navigate to **Resources > Templates > Add**
@@ -31,7 +32,7 @@ Next, you want to make a template to automate the deployment of privacyIDEA on a
 - [X] Privilege Escalation: Checked
 - [X] Enable Fact Storage: Checked
 
-## Launch the Template
+### Launch the Template
 Now we need to launch the template.  Assuming all of the above was completed, we can now deploy the playbook/template against the Ubuntu Server via SSH.
 
 - Launch the Template (Rocket Button)
@@ -56,16 +57,17 @@ Now we need to launch the template.  Assuming all of the above was completed, we
     PLAY RECAP *********************************************************************auth                       : ok=7    changed=5    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
     ```
 
-## Create an Administrator Account
+## Admin Access to WebUI
+### Create a privacyIDEA Administrator Account
 You will need to use the CLI in the server in order to create the first administrative account.  Run the following command and provide a password for the administrator account.
 ``` sh
 sudo pi-manage admin add nicole.rappe -e nicole.rappe@bunny-lab.io
 ```
 
-## Log into the WebUI
+### Log into the WebUI
 Assuming you created an `A` record in the DNS server pointing to the IP address of the privacyIDEA server, Navigate to https://auth.bunny-lab.io and sign in with your newly-created username and password.  (e.g. `nicole.rappe`)
 
-## Connect to Active Directory
+## Connect to Active Directory/LDAP
 ### Create a LDAP User ID Resolver
 This is what will connect privacyIDEA to an LDAP backend to pull-down users for authentication in Active Directory.  Begin by navigating to "**Config > Users > New LDAP Resolver**"
 
@@ -84,10 +86,18 @@ This is what will connect privacyIDEA to an LDAP backend to pull-down users for
 - Click the "**Preset Active Directory**" button.
 - Click the "**Test LDAP Resolver**" button.
 
-### Create a Realm
-Now we need to create what is called a "Realm".  Users need to be in realms to have tokens assigned. A user, who is not member of a realm can not have a token assigned and can not authenticate.  You can combine several different User ID Resolvers (see UserIdResolvers) into a realm.  Navigate to "**Config > Realms**"
+### Associate User ID Resolver with a Realm
+Now we need to create what is called a "**Realm**".  Users need to be in realms to have tokens assigned. A user, who is not member of a realm can not have a token assigned and can not authenticate.  You can combine several different User ID Resolvers (see UserIdResolvers) into a realm.  Navigate to "**Config > Realms**"
 
 | **Field** | **Value** |
 | :--- | :--- |
 | Realm Name | `Bunny-Lab` |
 | Resolver(s) | `BunnyLab-LDAP` |
+
+## Enrolling the First Token
+Navigate to "**Tokens > Enroll Token**"
+
+| **Field** | **Value** |
+| :--- | :--- |
+| [X] Generate OTP Key on Server | `Bunny-Lab` |
+| Resolver(s) | `BunnyLab-LDAP` |