diff --git a/docs/releases/0.6.0.md b/docs/releases/0.6.0.md
index b54ced0..91414cc 100644
--- a/docs/releases/0.6.0.md
+++ b/docs/releases/0.6.0.md
@@ -54,6 +54,9 @@ PR [#2205](https://github.com/inventree/InvenTree/pull/2205) represents a major
 
 PR [#2208](https://github.com/inventree/InvenTree/pull/2208) provides notification emails when the stock level for a particular part falls below the configured "minimum stock" threshold for that part. An email is automatically sent to any users who are subscribed to notifications for that part.
 
+### MFA Support
+
+PR [#2221](https://github.com/inventree/InvenTree/pull/2221) adds support for MFA (multi factor authentication). This enables admins to require all users to enable MFA as a second auth step. Refer to the [documentation](../settings/mfa) for further information.
 ### Stock Item Forms
 
 PR [#2198](https://github.com/inventree/InvenTree/pull/2198) provides a major refactor of stock item forms, for creating and editing stock items. These forms have been migrated to the REST API, providing a much more responsive user experience.
diff --git a/docs/settings/MFA.md b/docs/settings/MFA.md
new file mode 100644
index 0000000..66ca66b
--- /dev/null
+++ b/docs/settings/MFA.md
@@ -0,0 +1,18 @@
+---
+title: InvenTree Multi Factor Authentication
+---
+
+## Multi Factor Authentication
+
+ InvenTree gives the option to use TOTP or statically generated backup tokens as an additional factor to password or SSO authentication. This is a widely adopted security feature on enterprise web services. We highly encourage to enable it if you expose your instance to the public internet.
+
+As TOTP is an [open standard](https://datatracker.ietf.org/doc/html/rfc6238) there are a lot of different ways to hold your key and generate the time based tokens needed for authentication. That ranges from physical devices to password managers and mobile apps. We do not advertise any method but recommend to keep password and token generator seperate from each other.
+
+### Configuration
+
+To make MFA mandatory for all users
+1. Enable it in the [global settings](../settings/global.md).
+
+### Security Consideration
+
+A user can lock themself out if they lose access to both the device with their TOTP app and their backup tokens. An admin can delete their tokens from the admin pages (they exsist under the 'TOTP devices' / 'static devices' models) . This should be a last resort and only done by people knowledgeable about the [admin pages](../settings/admin.md) as changes there might circumvent InvneTrees buisness and security logic.
diff --git a/docs/settings/global.md b/docs/settings/global.md
index 1b39a24..a8c08da 100644
--- a/docs/settings/global.md
+++ b/docs/settings/global.md
@@ -29,6 +29,7 @@ Change how logins, password-forgot, signups are handled.
 | Enable SSO | Boolean | Enable SSO on the login-pages | False |
 | Enable password forgot | Boolean | Enable password forgot function on the login-pages.<br><br>This will let users reset their passwords on their own. For this feature to work you need to configure E-mail | True |
 | E-Mail required | Boolean | Require user to supply e-mail on signup.<br><br>Without a way (e-mail) to contact the user notifications and security features might not work! | False |
+| Enforce MFA | Boolean | Users must use multifactor security.<br><br>This forces each user to setup MFA and use it on each autentication | False |
 | Mail twice | Boolean | On signup ask users twice for their mail | False |
 | Password twice | Boolean | On signup ask users twice for their password | True |
 | Auto-fill SSO users | Boolean | Automatically fill out user-details from SSO account-data.<br><br>If this feature is enabled the user is only asked for their username, first- and surname if those values can not be gathered from their SSO profile. This might lead to unwanted usernames bleading over. | True |
diff --git a/mkdocs.yml b/mkdocs.yml
index 53fe68f..a0e2ef1 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -101,6 +101,7 @@ nav:
     - Admin Interface: settings/admin.md
     - User Permissions: settings/permissions.md
     - Single Sign on: settings/SSO.md
+    - Multi Factor Authentication: settings/MFA.md
     - Export Data: settings/export.md
     - Import Data: settings/import.md
     - Python Shell: settings/shell.md