> ## Documentation Index
> Fetch the complete documentation index at: https://stytch.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Intermediate sessions in authentication

> Intermediate sessions are used during authentication flows that require intermediate steps before a member can be fully authenticated.

## Overview

The Stytch API returns an `intermediate_session_token` instead of a full `session_token` when intermediate authentication steps are required, such as multi-factor authentication (MFA).

Once a user completes all necessary authentication steps, the `intermediate_session_token` can be exchanged for a full member `session_token`.

<Check>
  The [frontend SDK](/api-reference/b2b/frontend-sdks/react/overview) automatically stores the returned `intermediate_session_token` and will include them in subsequent authentication requests.
</Check>

***

## In authentication flows

Intermediate session tokens are used to retain the authentication state throughout these flows.

These guides detail what happens during each flow and provide examples for guidance (if you are building your own authentication UI flow while using the Stytch API):

<Columns cols={2}>
  <Card title="Organization discovery" href="./discovery">
    The state after authentication and before the user selects an organization to access.
  </Card>

  <Card title="Multi-factor authentication (MFA)" href="./mfa">
    Also called two-factor authentication (2FA), multi-factor authentication requires users to provide two or more factors to verify their identity.
  </Card>

  <Card title="Step-up authentication" href="./step-up">
    A type of multi-factor authentication where an application requests additional identification information to verify a user's identity, often to meet security or compliance requirements.
  </Card>
</Columns>

<Check>
  [Stytch UI](/multi-tenant-auth/build-auth/overview) provides pre-built, out-of-box support for all of the above authentication flows.
</Check>