diff --git a/demo/collections/PublicUsers.js b/demo/collections/PublicUsers.js
index d9222dad9f..b0b5f441e8 100644
--- a/demo/collections/PublicUsers.js
+++ b/demo/collections/PublicUsers.js
@@ -32,6 +32,8 @@ module.exports = {
   },
   auth: {
     tokenExpiration: 300,
+    emailVerification: true,
+    generateVerificationUrl: (req, token) => `http://localhost:3000/api/verify?token=${token}`,
     cookies: {
       secure: process.env.NODE_ENV === 'production',
       sameSite: 'Lax',
diff --git a/src/collections/init.js b/src/collections/init.js
index 5146695eb6..6b50388e53 100644
--- a/src/collections/init.js
+++ b/src/collections/init.js
@@ -23,6 +23,10 @@ function registerCollections() {
       schema.plugin(passportLocalMongoose, { usernameField: 'email' });
       schema.path('hash').options.hide = true;
       schema.path('salt').options.hide = true;
+      if (collection.auth.emailVerification) {
+        schema.add({ verified: { type: Boolean, hide: true } });
+        schema.add({ verificationToken: { type: String, hide: true } });
+      }
     }
 
     schema.plugin(mongooseHidden);
diff --git a/src/collections/operations/create.js b/src/collections/operations/create.js
index 16fb7a6bf4..6b8234cd3c 100644
--- a/src/collections/operations/create.js
+++ b/src/collections/operations/create.js
@@ -138,8 +138,15 @@ async function create(args) {
     result.setLocale(locale, fallbackLocale);
   }
 
-  if (collectionConfig.auth && data.email) {
-    data.email = data.email.toLowerCase();
+  if (collectionConfig.auth) {
+    if (data.email) {
+      data.email = data.email.toLowerCase();
+    }
+    if (collectionConfig.auth.emailVerification) {
+      data.verified = false;
+      data.verificationToken = 'asdf'; // TODO: Use bcrypt
+      // TODO: Generate and send email
+    }
   }
 
   Object.assign(result, data);