diff --git a/features/request/RequestContext.php b/features/request/RequestContext.php
index 251a1cf..10f9271 100644
--- a/features/request/RequestContext.php
+++ b/features/request/RequestContext.php
@@ -478,7 +478,8 @@ public function iCallMfaCreate()
 $this->requestData['employee_id'],
 $this->requestData['type'],
 $this->requestData['label'],
- $this->rpOrigin
+ $this->rpOrigin,
+ $this->requestData['recovery_email'] ?? '',
 );
 }
diff --git a/features/request/request.feature b/features/request/request.feature
index 32ac9ec..d4a4ea6 100644
--- a/features/request/request.feature
+++ b/features/request/request.feature
@@ -328,7 +328,30 @@ Feature: Formatting requests for sending to the ID Broker API
 {
 "employee_id": "12345",
 "type": "webauthn",
- "label": "Blue security key"
+ "label": "Blue security key",
+ "recovery_email": ""
+ }
+ """
+
+ Scenario: Creating an mfa recovery option
+ Given I am using a baseUri of "https://api.example.com/"
+ And I have indicated not to validate the id broker ip
+ And I have provided an rpOrigin of "https://login.example.com"
+ And I provide an "employee_id" of "12345"
+ And I provide a "type" of "recovery"
+ And I provide a "label" of "Blue security key"
+ And I provide a "recovery_email" of "recovery@example.com"
+ When I call mfaCreate
+ Then the method should be "POST"
+ And the url should be "https://api.example.com/mfa?rpOrigin=https%3A%2F%2Flogin.example.com"
+ And an authorization header should be present
+ And the body should equal the following:
+ """
+ {
+ "employee_id": "12345",
+ "type": "recovery",
+ "label": "Blue security key",
+ "recovery_email": "recovery@example.com"
 }
 """
diff --git a/src/IdBrokerClient.php b/src/IdBrokerClient.php
index 43a5075..d95e9ac 100644
--- a/src/IdBrokerClient.php
+++ b/src/IdBrokerClient.php
@@ -312,17 +312,21 @@ public function listUsers(array $fields = null, ?array $search = []): array
 * @param string $type
 * @param string|null $label
 * @param string|null $rpOrigin
+ * @param string|null $recovery_email
 * @return array|null
 * @throws ServiceException
 */
- public function mfaCreate(string $employee_id, string $type, string $label = null, string $rpOrigin = ''): ?array
+ public function mfaCreate(string $employee_id, string $type, string $label = null, string $rpOrigin = '', string $recovery_email = ''): ?array
 {
+ var_dump($recovery_email);
 $result = $this->mfaCreateInternal([
 'employee_id' => $employee_id,
 'type' => $type,
 'label' => $label,
 'rpOrigin' => $rpOrigin,
+ 'recovery_email'=> $recovery_email
 ]);
+
 $statusCode = (int)$result[ 'statusCode' ];
 if ($statusCode === 200) {
diff --git a/src/descriptions/id-broker-api.php b/src/descriptions/id-broker-api.php
index 0be09f2..64c02d8 100644
--- a/src/descriptions/id-broker-api.php
+++ b/src/descriptions/id-broker-api.php
@@ -182,7 +182,7 @@
 'required' => true,
 'type' => 'string',
 'location' => 'json',
- 'enum' => [ 'backupcode', 'totp', 'u2f', 'webauthn', 'manager' ],
+ 'enum' => [ 'backupcode', 'totp', 'u2f', 'webauthn', 'manager', 'recovery' ],
 ],
 'label' => [
 'required' => false,
@@ -194,6 +194,11 @@
 'type' => 'string',
 'location' => 'query',
 ],
+ 'recovery_email' => [
+ 'required' => false,
+ 'type' => 'string',
+ 'location' => 'json',
+ ],
 ],
 ],
 'mfaDeleteInternal' => [
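Review bot: The added `var_dump($recovery_email);` at the top of mfaCreate in src/IdBrokerClient.php looks like leftover debugging and should be removed before merge. It prints the user's recovery address into whatever output the calling application produces, which exposes personal data tied to MFA recovery and can corrupt responses or headers. The new docblock line says `string|null` while the signature is `string $recovery_email = ''`; `@param string $recovery_email` would match the code. Because the default is `''`, `'recovery_email'` is now sent in the JSON body for every MFA type (the updated webauthn scenario expects `"recovery_email": ""`), so confirm the broker treats an empty string as absent. mfaCreate's body continues past the end of the hunk.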
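Review bot: Nothing in src/descriptions/id-broker-api.php ties `recovery_email` to `'type' => 'recovery'`. The new parameter is `'required' => false` with only `'type' => 'string'`, so a recovery MFA can be requested with an empty or malformed address and the client will forward it. If the description format supports a length or pattern constraint, adding one here, together with rejecting an empty address in mfaCreate when `$type === 'recovery'`, would fail fast on the client rather than relying on the broker alone. The added feature scenario only covers the case where an address is supplied, so a scenario for a missing address would pin the intended behaviour. The enclosing operation definition (presumably the one behind mfaCreateInternal) starts outside the hunk.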