...
During the pilot, a service's particular error or alternate login page will have an additional button called "Try authenticating via Touchstone". So for example, if you try to log in to Stellar and your certificate does not work or you do not have one, you currently get the page below.
When the Touchstone pilot goes live, there will be an additional section underneath the current MIT Community Users section on the page below.
During the initial phase of the pilot, the pilot applications will always require an explicit customer action to "try Touchstone" if the default login fails. They should never redirect there automatically, unless the user has at least once chosen to use Touchstone and set explicit preferences for their use of Touchstone.
Here is a screen shot of what a user of Stellar will see if a certificate is not presented to Stellar when logging in:
The login page for http://wiki.mit.edu is intending to take a similar, yet slightly different approach as seen here:
2) There are some "start-up" or transition aspects to using this service. It may slow people down, or require them to get some additional information before they can get to web-based information on which they depend to do their work or studies, and which is time-sensitive. What can we say to someone about the benefits of this new system that help to offset the unfamiliar way of going about old tasks? We would expect clients to ask the following questions. What answers might we give?
...
MIT Touchstone is in its early phase of deployment. You are likely to need certificates to authenticate to other web applications at MIT for the foreseeable future.
MIT certificates issued to users typically expire near the end of the fiscal year in which the certificate was issued. MIT users may choose to have a certificate with a shorter lifetime. The certificate that expires in 2026 is the MIT CA (certificate authority) certificate; that certificate is used to validate the user certificates. Its long lifetime means users should not have to reinstall the CA certificate during the useful lifetime of the computer.
Users should also remember that, when properly used, certificates provide a better defence against having your account compromised by phishing attacks or other mechanisms than simply using passwords. MIT Touchstone supports username and password authentication only because certificates and other strong authentication technologies cannot be used on all systems everywhere in the world today.
...
Similarly, why/how to choose between the "Authentication Options" (https://idp.mit.edu/auth-options) radio buttons? What about putting a link called "How to choose between these options" to documentation or some background information at the top of this same page?
4)
...
It may be difficult for clients to know whether they are having difficulties with Touchstone or with a different product/service to which it provides access. If the Help Desk identifies the problem as a Touchstone issue, what information is useful for us to collect in order to escalate?
- What is the name of the customer?
- What was the time and date when the problem occurred?
- What URL was the user trying to access?
- What browser was being used? (Brand and version)
- What application was the user trying to access?
- What machine was being used when trying to access the URL? (Physical location, hostname, IP address if known)
- Which authentication method(s) did the user attempt to use? (username / password, certificate, existing tickets)
- What error message was displayed?
...