Duende IdentityServer itself doesn’t implement multi-factor authentication (MFA). MFA is part of the login process in the user interface which is the responsibility of the hosting application. Microsoft provides some general guidelines on how to enable MFA in ASP.NET Core.
When using IdentityServer as a federation gateway, interactive users authenticate at the upstream provider. Typically the upstream provider will perform the entire user authentication process, including any MFA required. There’s no special configuration or implementation needed in IdentityServer in this case, as the upstream provider handles everything.