diff --git a/IdentityServer/v6/docs/content/ui/_index.md b/IdentityServer/v6/docs/content/ui/_index.md index d542e084..8d88278c 100644 --- a/IdentityServer/v6/docs/content/ui/_index.md +++ b/IdentityServer/v6/docs/content/ui/_index.md @@ -7,6 +7,14 @@ chapter = true # User Interaction and Pages +The design goal of Duende IdentityServer is to supply a full implementation of the OpenID Connect protocol while on the same time be the most flexible and extendible solution. One area that is customized in all deployments of IdentityServer is the user interface. It is typically branded to have the same look and feel as other web sites of the organization. The logic driving the pages is also closely related both to the design and the business rules. To allow full flexibility of the UI, including business rules and user flow, the UI is separated from the core IdentityServer product. + +![Overview](images/host.png) + +To get a quick start with the UI, we provide a [quick start UI]({{< ref "./../quickstarts/2_interactive#add-the-ui">}}) as well as a [quick start UI adapted to Asp.Net Identity]({{< ref "./../quickstarts/5_aspnetid">}}). + +## Required Pages + As browser requests are made to the protocol endpoints in your IdentityServer, they will be redirected to the interactive pages for the user to see. Depending on the features required, the pages expected in your IdentityServer are: * [Login]({{< ref "./login" >}}): allows the user to login. This could be achieved with a local credential, or could utilize an external login provider (e.g. social or enterprise federation system). * [Logout]({{< ref "./logout" >}}): allows the user to logout (including providing single sign-out). diff --git a/IdentityServer/v6/docs/content/ui/images/host.png b/IdentityServer/v6/docs/content/ui/images/host.png new file mode 100644 index 00000000..81ae7627 Binary files /dev/null and b/IdentityServer/v6/docs/content/ui/images/host.png differ 
diff --git a/IdentityServer/v6/docs/content/ui/login/mfa.md b/IdentityServer/v6/docs/content/ui/login/mfa.md new file mode 100644 index 00000000..88efd076 --- /dev/null +++ b/IdentityServer/v6/docs/content/ui/login/mfa.md @@ -0,0 +1,14 @@ +--- +title: "Multi Factor Authentication" +weight: 50 +--- + +# Multi Factor Authentication + +IdentityServer itself doesn't implement MFA. MFA is of the login which is the [responsibility of the hosting application]({{< ref "..">}}). + +## MFA hosted in IdentityServer +To make the local IdentityServer login page offer MFA anything that works with Asp.Net Core also works with IdentityServer. One approach is to use [Microsoft Asp.Net Identity](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity) that offers [MFA support](https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity-enable-qrcodes). + +## MFA and external authentication +When using Duende IdentityServer as a [federation gateway](../../federation) the user authentication is done on the upstream provider. It is common to let the upstream provider deal with the entire user authentication, including any MFA required. There's no special configuration or implementation needed on IdentityServer in this case, as the upstream provider handles everyting. \ No newline at end of file
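Review bot: In the first added paragraph of ui/_index.md, "while on the same time be the most flexible and extendible solution" is ungrammatical. Suggest "while at the same time being the most flexible and extensible solution". In the same hunk, "Asp.Net Identity" in the quick start link text should use the product's casing, "ASP.NET Identity". The alt text "Overview" on images/host.png says nothing about what the diagram shows; since the paragraph above it is about the UI being separated from the core IdentityServer product, alt text describing that split between host and IdentityServer would serve readers who cannot see the image.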
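Review bot: In ui/login/mfa.md, the second sentence of the intro, "MFA is of the login which is the [responsibility of the hosting application]", is missing words. Suggest "MFA is part of the login process, which is the responsibility of the hosting application". Under "MFA hosted in IdentityServer", the first sentence needs a comma after "offer MFA", and "Asp.Net Core" / "Microsoft Asp.Net Identity" should be cased "ASP.NET Core" / "ASP.NET Identity". Under "MFA and external authentication", "everyting" is a typo for "everything", and the federation link uses a bare relative path (../../federation) while the other internal links in this patch use the ref shortcode, so it should be switched for consistency and build-time link checking. That section also says no configuration or implementation is needed on IdentityServer, but does not say how the host can confirm that the upstream provider actually performed MFA. A sentence on that (for example, checking the authentication method claims the upstream returns) would close the gap for deployments that require MFA. The file also ends without a trailing newline.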