The BLE Pairing Algorithms are described in Vol 3, Part H, Section 2.3.5 in the Bluetooth Core specification, v4.2.
In short, you need to set that MITM protection is required in the GAP security parameters (see the ble_gap_sec_params_t struct). Then the IO capabilities of the devices will be used in the pairing process. Table 2.9 displays what IO combinations that will trigger a passkey entry. I'm assuming you are using a nRF51 DK, this doesn't have a keyboard or display, so NoInputNoOutput should be used as IO capability. This does not however trigger a passkey entry.
You could however set the IO capability to DisplayOnly and set the passkey to a static value. Then you don't need to actually display the key to know what it is. Please see this MSC.
I have added this static passkey functionality in the ble_app_uart example in SDK 8.1.0, please examine this.
