diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml b/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml
index 4d1c23ba6c9..347c710be6c 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/pom.xml
@@ -360,6 +360,10 @@
 org.wso2.carbon.multitenancy
 org.wso2.carbon.tenant.mgt
+
+ commons-validator
+ commons-validator
+
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java
index 68297a55545..ee649baf1d1 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/otp/mgt/service/OTPManagementServiceImpl.java
@@ -20,6 +20,7 @@ import com.google.gson.Gson;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.base.MultitenantConstants;
 import org.wso2.carbon.device.mgt.common.configuration.mgt.ConfigurationManagementException;
 import org.wso2.carbon.device.mgt.common.exceptions.BadRequestException;
 import org.wso2.carbon.device.mgt.common.exceptions.DBConnectionException;
@@ -41,6 +42,7 @@ import org.wso2.carbon.device.mgt.core.otp.mgt.dao.OTPManagementDAOFactory;
 import org.wso2.carbon.device.mgt.core.otp.mgt.exception.OTPManagementDAOException;
 import org.wso2.carbon.device.mgt.core.otp.mgt.util.ConnectionManagerUtil;
 import org.wso2.carbon.device.mgt.core.service.EmailMetaInfo;
+import org.apache.commons.validator.routines.EmailValidator;
 import org.wso2.carbon.user.api.Tenant;
 import static org.wso2.carbon.device.mgt.common.DeviceManagementConstants.OTPProperties;
@@ -102,13 +104,18 @@ public class OTPManagementServiceImpl implements OTPManagementService {
 @Override
 public OneTimePinDTO isValidOTP(String oneTimeToken) throws OTPManagementException, BadRequestException {
+ if (StringUtils.isBlank(oneTimeToken)){
+ String msg = "Received blank OTP to verify. OTP: " + oneTimeToken;
+ log.error(msg);
+ throw new BadRequestException(msg);
+ }
+
 OneTimePinDTO oneTimePinDTO = getOTPDataByToken(oneTimeToken);
 if (oneTimePinDTO == null) {
 String msg = "Couldn't found OTP data for the requesting OTP " + oneTimeToken + " In the system.";
 log.error(msg);
 throw new BadRequestException(msg);
 }
-
 if (oneTimePinDTO.isExpired()) {
 log.warn("Token is expired. OTP: " + oneTimeToken);
 return null;
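Review bot: The new blank-token message in isValidOTP appends `oneTimeToken`, which at that point is by definition null or whitespace, so the suffix carries no information; I'd shorten it to `String msg = "Received blank OTP to verify.";`. More importantly, the not-found and expired branches that follow on the new side still write the full OTP value into error/warn log lines, and a one-time credential should not land in plain text in the log; since the commit is already touching this method's validation, those messages should drop the token (or log only a short prefix at debug level). isValidOTP continues past the end of this hunk.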
@@ -197,9 +204,17 @@ public class OTPManagementServiceImpl implements OTPManagementService {
 DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance() .getDeviceManagementConfig();
 KeyManagerConfigurations kmConfig = deviceManagementConfig.getKeyManagerConfigurations();
- String superTenantUsername = kmConfig.getAdminUsername();
- if (!otpWrapper.getUsername().equals(superTenantUsername)) {
+ if (StringUtils.isBlank(otpWrapper.getUsername())) {
+ String msg = "Received Blank username to create OTP. Username: " + otpWrapper.getUsername();
+ log.error(msg);
+ throw new BadRequestException(msg);
+ }
+
+ String[] superTenantDetails = otpWrapper.getUsername().split("@");
+
+ if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(superTenantDetails[1]) || !superTenantDetails[0] .equals(kmConfig.getAdminUsername())) {
 String msg = "You don't have required permission to create OTP";
 log.error(msg);
 throw new UnAuthorizedException(msg);
@@ -262,11 +277,21 @@
 log.error(msg);
 throw new BadRequestException(msg);
 }
+
+ EmailValidator validator = EmailValidator.getInstance();
+ if (!validator.isValid(otpWrapper.getEmail())) {
+ String msg = "Found invalid email. Hence please verify the email address and re-try. Email: " + otpWrapper .getEmail();
+ log.error(msg);
+ throw new BadRequestException(msg);
+ }
+
 if (StringUtils.isBlank(otpWrapper.getEmailType())) {
 String msg = "Received empty or blank email type field with OTP creating payload.";
 log.error(msg);
 throw new BadRequestException(msg);
 }
+ tenant.setDomain(otpWrapper.getEmail().split("@")[1]);
 tenant.setEmail(otpWrapper.getEmail());
 return tenant;
 }
diff --git a/pom.xml b/pom.xml
index d522b61dab6..d12b76d9f45 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1772,6 +1772,11 @@
 maven-checkstyle-plugin
 ${maven.checkstyle.vesion}
+
+ commons-validator
+ commons-validator
+ ${apache.validator.version}
+
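Review bot: The rewritten super-tenant guard looks inverted: `MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(superTenantDetails[1])` throws UnAuthorizedException precisely when the domain part *is* the super-tenant domain, so `admin@carbon.super` is refused while `admin@any-other-domain` passes the check, which (as far as this hunk shows, and contrary to the "don't have required permission" message) lets any tenant's user named like the KM admin create OTPs. A second problem is that `split("@")` on a username with no `@` yields a one-element array and `superTenantDetails[1]` throws ArrayIndexOutOfBoundsException, turning a malformed request into an unhandled error. Both are addressed by negating the first clause and bounding the array: `if (superTenantDetails.length != 2 || !MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(superTenantDetails[1]) || !superTenantDetails[0].equals(kmConfig.getAdminUsername())) {`. Whether otpWrapper.getUsername() is set by the authenticated layer or taken from the request body is not visible here, and if this bundle already has access to the Carbon tenant-aware username helpers they would be preferable to a hand-rolled split; the method these lines belong to begins before the hunk.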
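Review bot: `tenant.setDomain(otpWrapper.getEmail().split("@")[1])` derives the tenant domain straight from the request-supplied e-mail host with no check against reserved or existing domains, so an e-mail like `someone@carbon.super` yields a Tenant whose domain is the super-tenant domain; unless the consumer of this Tenant rejects that (not visible here), it should be refused at this point, e.g. `if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equalsIgnoreCase(domain)) throw new BadRequestException("Reserved tenant domain");` using the constant this commit already imports. The split itself is fragile: commons-validator's EmailValidator accepts a quoted local part, which I believe may itself contain `@`, so index 1 is not guaranteed to be the host; `otpWrapper.getEmail().substring(otpWrapper.getEmail().lastIndexOf('@') + 1)` is the safer extraction. The rejected e-mail is also concatenated unmodified into log.error and the exception message even though it has just failed validation and may contain CR/LF, which is a log-forging vector depending on the log backend; drop it from the message or sanitize it first. The method containing these lines starts before the hunk.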
@@ -2219,6 +2224,9 @@
 2.3.2
+
+ 1.7
+
 2.1.7-wso2v7
 1.5.11.wso2v15
@@ -2252,7 +2260,7 @@
 v12.18.1
 3.1.0
-
+ 7.0.85
 1.0