# Multi-factor authentication (MFA)

> Sessions during multi-factor authentication flows.

## What is multi-factor authentication?

Multi-factor authentication (MFA) is a mechanism that requires users to provide two or more authentication factors to verify their identity.

***

## What happens

If a user is required to complete multi-factor authentication, an `intermediate_session_token` is returned instead of a `session_token` in response to the initial authentication request, and an OTP code is automatically sent to the user's phone number (if they are enrolled in SMS OTP).

The following values will also be set in the authentication response:

<ResponseField name="member_authenticated" type="boolean">
  Value will be `false`.
</ResponseField>

<ResponseField name="primary_required" type="object | null">
  Value may be non-null if the member also needs to complete a primary step-up authentication flow.
  If this value is non-null, the primary step-up flow should be completed before proceeding to MFA completion.
</ResponseField>

<ResponseField name="mfa_required" type="object | null">
  Value will be non-null and will indicate which form of MFA must be completed.
</ResponseField>

### Sample response

```json Response 200 expandable theme={null}
{
    "intermediate_session_token": "Fxq0E...",
    "member": {
        // Full Member object
    },
    "member_authenticated": false,
    "member_id": "member-...",
    "member_session": null,
    "method_id": "member-email-...",
    "mfa_required": {
        "member_options": {
            "mfa_phone_number": "XXXXXXX1234",
            "totp_registration_id": ""
        },
        "secondary_auth_initiated": "sms_otp"
    },
    "organization": {
        // Full Organization object
    },
    "organization_id": "organization-...",
    "request_id": "request-id-...",
    "reset_sessions": false,
    "session_jwt": "",
    "session_token": "",
    "status_code": 200
}
```
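
The following is an added example, not Stytch's own code: a backend helper that decides the next step from the fields described above, so that a `200` status alone is never treated as a completed login. The function name `next_auth_step`, the sample token values, and the assumption that a fully authenticated response carries `member_authenticated: true` with a non-empty `session_token` are ours.

```python
import json

# Constructed sample, trimmed from the shape of the sample response on this page.
SAMPLE_MFA_RESPONSE = json.loads("""
{
  "intermediate_session_token": "constructed-ist-value",
  "member_authenticated": false,
  "member_session": null,
  "primary_required": null,
  "mfa_required": {
    "member_options": {"mfa_phone_number": "XXXXXXX1234", "totp_registration_id": ""},
    "secondary_auth_initiated": "sms_otp"
  },
  "session_jwt": "",
  "session_token": "",
  "status_code": 200
}
""")


def next_auth_step(resp):
    """Return (step, token) for a parsed authentication response.

    step is "session", "primary_step_up" or "mfa"; any other state raises.
    """
    if resp.get("member_authenticated") is True:
        # Assumption: a completed login carries a non-empty session_token.
        token = resp.get("session_token")
        if not token:
            raise ValueError("authenticated response without a session_token")
        return ("session", token)

    # Not fully authenticated: only the intermediate token may be carried
    # forward, and it must never be stored or honoured as a session.
    ist = resp.get("intermediate_session_token")
    if not ist:
        raise ValueError("no intermediate_session_token; cannot continue the flow")
    if resp.get("primary_required") is not None:
        # Primary step-up is completed before MFA completion.
        return ("primary_step_up", ist)
    if resp.get("mfa_required") is not None:
        return ("mfa", ist)
    raise ValueError("member not authenticated and no required step reported")
```

Failing closed on any unrecognised combination keeps an empty `session_token` or a missing `mfa_required` object from being silently treated as a successful login.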

***

## Next steps

At this point, you will need to prompt the user to complete the required MFA step. See our guide on how to implement multi-factor authentication:

<Columns cols={2}>
  <Card title="Add MFA to a custom auth flow" href="/multi-tenant-auth/authentication/mfa/adding-mfa-to-custom-auth-flow" icon="arrow-up-right">
    Guide to integrating multi-factor into your own authentication flow.
  </Card>
</Columns>
