Brian,
Another option if your users have performed MFA to access the server you could also almost treat it as a jump host where you whitelist the IP address of the server. This will allow you to SSH into other servers internally and not be challenged...
It looks like the support team tried to find your account based on the email you used to contact them. If you reply with your admin email address they will be able to help you out.
If you also have a SAML IDP you can use that and still point to ISE for Authorization. The End user experience will then be what you currently see in the browser.
Here is a doc with our Duo Access Gateway however if you use something like Azure AD or...