diff --git a/docs/docs/configuration/authentication.md b/docs/docs/configuration/authentication.md
index f34ae45d9..5b8289bf0 100644
--- a/docs/docs/configuration/authentication.md
+++ b/docs/docs/configuration/authentication.md
@@ -14,6 +14,13 @@ Frigate supports two modes for authentication
 | `native` | (default) Use this mode if you don't implement authentication with a proxy in front of Frigate.                                                                                 |
 | `proxy`  | Use this mode if you have an existing proxy for authentication. Supports passing authenticated user downstream to Frigate for role-based authorization (future implementation). |
 
+The following ports are used to access the Frigate webUI
+
+| Port   | Description                                                                                                                                                                |
+| ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `8080` | Authenticated UI and API access without TLS. Reverse proxies should use this port.                                                                                         |
+| `5000` | Internal unauthenticated UI and API access. Access to this port should be limited. Intended to be used within the docker network for services that integrate with Frigate. |
+
 ### Native mode
 
 Frigate stores user information in its database. Password hashes are generated using industry standard PBKDF2-SHA256 with 600,000 iterations. Upon successful login, a JWT token is issued with an expiration date and set as a cookie. The cookie is refreshed as needed automatically. This JWT token can also be passed in the Authorization header as a bearer token.