diff --git a/authority/config/config.go b/authority/config/config.go
index 68886d77..2cf6bfac 100644
--- a/authority/config/config.go
+++ b/authority/config/config.go
@@ -85,6 +85,7 @@ type ASN1DN struct {
 type AuthConfig struct {
 *cas.Options
 AuthorityID string `json:"authorityId,omitempty"`
+ DeploymentType string `json:"deploymentType,omitempty"`
 Provisioners provisioner.List `json:"provisioners,omitempty"`
 Admins []*linkedca.Admin `json:"-"`
 Template *ASN1DN `json:"template,omitempty"`
diff --git a/commands/app.go b/commands/app.go
index 481c4867..faa25e31 100644
--- a/commands/app.go
+++ b/commands/app.go
@@ -8,11 +8,13 @@ import (
 "net"
 "net/http"
 "os"
+ "strings"
 "unicode"
 "github.com/pkg/errors"
 "github.com/smallstep/certificates/authority/config"
 "github.com/smallstep/certificates/ca"
+ "github.com/smallstep/certificates/pki"
 "github.com/urfave/cli"
 "go.step.sm/cli-utils/errs"
 )
@@ -67,6 +69,18 @@ func appAction(ctx *cli.Context) error {
 fatal(err)
 }
+ if config.AuthorityConfig != nil {
+ if token == "" && strings.EqualFold(config.AuthorityConfig.DeploymentType, pki.LinkedDeployment.String()) {
+ return errors.New(`'step-ca' requires the '--token' flag for linked deploy type.
+
+To get a linked authority token:
+ 1. Log in or create a Certificate Manager account at ` + "\033[1mhttps://u.step.sm/linked\033[0m" + `
+ 2. Add a new authority with "linked" type
+ 3. Follow instructions in browser to start 'step-ca' using the '--token' flag
+`)
+ }
+ }
+
 var password []byte
 if passFile != "" {
 if password, err = ioutil.ReadFile(passFile); err != nil {
diff --git a/pki/pki.go b/pki/pki.go
index 6ada040d..3f566bad 100644
--- a/pki/pki.go
+++ b/pki/pki.go
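Review bot: The error returned by the new `DeploymentType` check in appAction (second hunk of commands/app.go) embeds raw `\033[1m` and `\033[0m` escapes, so when step-ca runs under a service manager or with stderr redirected those control bytes end up in the log rather than rendering as bold; a plain URL in the message, `1. Log in or create a Certificate Manager account at https://u.step.sm/linked`, avoids that. The message also steers operators toward supplying the linked-authority token as `--token` on the command line, where it is typically visible in the process listing, whereas the password a few lines below is read from `passFile`. How `token` is populated is outside this hunk, so whether a file or environment source already exists should be confirmed before changing the wording. appAction begins and continues outside the hunk.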
@@ -54,6 +54,20 @@ const (
 HostedDeployment
 )
+// String returns the string version of the deployment type.
+func (d DeploymentType) String() string {
+ switch d {
+ case StandaloneDeployment:
+ return "standalone"
+ case LinkedDeployment:
+ return "linked"
+ case HostedDeployment:
+ return "hosted"
+ default:
+ return "unknown"
+ }
+}
+
 const (
 // ConfigPath is the directory name under the step path where the configuration
 // files will be stored.
@@ -580,7 +594,7 @@ func (p *PKI) askFeedback() {
 ui.Println(" regarding how you’re using `step` helps. Please send us a sentence or two,")
 ui.Println(" good or bad at \033[1mfeedback@smallstep.com\033[0m or join GitHub Discussions")
 ui.Println(" \033[1mhttps://github.com/smallstep/certificates/discussions\033[0m and our Discord ")
- ui.Println(" \033[1mhttps://bit.ly/step-discord\033[0m.")
+ ui.Println(" \033[1mhttps://u.step.sm/discord\033[0m.")
 if p.options.deploymentType == LinkedDeployment {
 ui.Println()
@@ -652,6 +666,12 @@ func (p *PKI) GenerateConfig(opt ...ConfigOption) (*authconfig.Config, error) {
 Templates: p.getTemplates(),
 }
+ // Add linked as a deployment type to detect it on start and provide a
+ // message if the token is not given.
+ if p.options.deploymentType == LinkedDeployment {
+ config.AuthorityConfig.DeploymentType = LinkedDeployment.String()
+ }
+
 // On standalone deployments add the provisioners to either the ca.json or
 // the database.
 var provisioners []provisioner.Interface
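Review bot: The doc comment on `String` (first hunk of pki/pki.go) does not say that its return values are now a persisted format: the GenerateConfig hunk writes `LinkedDeployment.String()` into the `deploymentType` field of the generated config, and commands/app.go matches that value at startup. I would extend the comment to `// String returns the name of the deployment type as stored in the deploymentType field of the CA configuration; renaming a value breaks detection of existing configs.` Only the linked value is ever written, so a config without the field (hand-edited, or presumably one generated before this change) skips the startup token check. A one-line comment in GenerateConfig stating that the check is a usability hint and not an enforcement would keep later readers from relying on it. GenerateConfig's body continues outside the hunk.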