Create a time-based one-time password enrollment.

Create a time-based one-time password enrollment.

If the authenticated user has the entitlement 'manageEnrollMFAMethodAnyUser', then the 'userId' attribute must be present in the request payload. Otherwise, the enrollment is associated with the authenticated user.

Entitlements:
- manageEnrollMFAMethodAnyUser (Manage second-factor authentication enrollment for all users)
- manageEnrollMFAMethod (Manage own second-factor authentication enrollment)