diff --git a/packages/sdk/src/handlers/tfa.ts b/packages/sdk/src/handlers/tfa.ts
index 86f099dcae..6418dd2d5e 100644
--- a/packages/sdk/src/handlers/tfa.ts
+++ b/packages/sdk/src/handlers/tfa.ts
@@ -1,5 +1,7 @@
 import { ITransport } from '../transport';
+import { TfaType, DefaultType } from '../types';
 
+type TfaItem<T = DefaultType> = TfaType & T;
 export class TFAHandler {
 	private transport: ITransport;
 
@@ -7,8 +9,13 @@ export class TFAHandler {
 		this.transport = transport;
 	}
 
-	async enable(password: string): Promise<void> {
-		await this.transport.post('/users/me/tfa/enable', { password });
+	async generate(password: string): Promise<TfaItem> {
+		const result = await this.transport.post('/users/me/tfa/generate', { password });
+		return result.data;
+	}
+
+	async enable(secret: string, otp: string): Promise<void> {
+		await this.transport.post('/users/me/tfa/enable', { secret, otp });
 	}
 
 	async disable(otp: string): Promise<void> {
diff --git a/packages/sdk/src/types.ts b/packages/sdk/src/types.ts
index a49a000059..be80f6110a 100644
--- a/packages/sdk/src/types.ts
+++ b/packages/sdk/src/types.ts
@@ -99,3 +99,8 @@ export type UserType = SystemType<{
 	// TODO: complete
 	email: string;
 }>;
+
+export type TfaType = SystemType<{
+	secret: string;
+	otpauth_url: string;
+}>;
diff --git a/packages/sdk/tests/handlers/tfa.test.ts b/packages/sdk/tests/handlers/tfa.test.ts
index 32eb72ff2f..3b999d68eb 100644
--- a/packages/sdk/tests/handlers/tfa.test.ts
+++ b/packages/sdk/tests/handlers/tfa.test.ts
@@ -6,15 +6,37 @@ import { Directus } from '../../src';
 import { test } from '../utils';
 
 describe('tfa', function () {
+	test(`generate`, async (url, nock) => {
+		const scope = nock()
+			.post('/users/me/tfa/generate', {
+				password: 'password1234',
+			})
+			.reply(200, {
+				data: {
+					secret: 'supersecret',
+					otpauth_url: 'https://example.com',
+				},
+			});
+
+		const sdk = new Directus(url);
+		const data = await sdk.users.me.tfa.generate('password1234');
+
+		expect(scope.pendingMocks().length).toBe(0);
+		expect(data).toStrictEqual({
+			secret: 'supersecret',
+			otpauth_url: 'https://example.com',
+		});
+	});
 	test(`enable`, async (url, nock) => {
 		const scope = nock()
 			.post('/users/me/tfa/enable', {
-				password: 'password1234',
+				secret: 'supersecret',
+				otp: '123456',
 			})
 			.reply(200, {});
 
 		const sdk = new Directus(url);
-		await sdk.users.me.tfa.enable('password1234');
+		await sdk.users.me.tfa.enable('supersecret', '123456');
 
 		expect(scope.pendingMocks().length).toBe(0);
 	});