diff --git a/README.md b/README.md
index 794fb67..d118fbf 100644
--- a/README.md
+++ b/README.md
@@ -66,6 +66,7 @@ configuration options:
 
 * `email`: The email address to use as the account name when logging into the
   Bitwarden server. Required.
+* `client_id`: Client ID part of the API key. Defaults to regular login process if unset.
 * `sso_id`: The SSO organization ID. Defaults to regular login process if unset.
 * `base_url`: The URL of the Bitwarden server to use. Defaults to the official
   server at `https://api.bitwarden.com/` if unset.
@@ -95,6 +96,18 @@ between by using the `RBW_PROFILE` environment variable. Setting it to a name
 switch between several different vaults - each will use its own separate
 configuration, local vault, and agent.
 
+### Auth methods
+
+Currently `rbw` supports three login strategies, listed by order of priority:
+1. `apikey`, requires you to provide `client_id` and `client_secret`. Will be enabled
+  when a `client_id` value is set in the config file
+2. `SSO` (Enterprise Single Sign-On). Will be enabled when a `sso_id` value is set in
+  the config file. (Note: due to the current implementation, if your account is secured with 2FA
+  you'll be required to go through the browser flow twice. You'll be prompted for the 2FA code
+  after the first run)
+3. `email&password`, regular auth method, uses the same credentials as Bitwarden's Web Vault.
+  That's most likely what you want to use
+
 ## Usage
 
 Commands can generally be used directly, and will handle logging in or