Entitlements required: recoverUsername (Recover user name).

Initiates a forgot username request for the user. Each step defines a method to verify the user's identity. Valid methods are "email", "emailotp", "smsotp", "voiceotp", "totp", "fingerprint", and "userpresence". A transaction identifier, steps remaining, and the next step to perform are returned in the response. When multiple steps are associated with the transaction, call the POST /v1.0/usc/username/recovery/{trxId}/validator API to verify the user's identity until only one step remains. When one step remains, call the PUT /v1.0/usc/username/recovery/{trxId} to verify the last step and recover the user's user name. The username is delivered via email after the user's identity is verified. The email method sends the username directly to the user's email. The method cannot be combined with other authentication mechanisms.

The "totp", "fingerprint", and "userpresence" verification methods require user enrollment. The "fingerprint" method also works with facial recognition. The "emailotp", "smsotp", and "voiceotp" verification methods do not require user enrollment, unless the authentication factors tenant configuration specifies "User-enrolled methods only".

When the system cannot recover the username, the audit event generated contains the cause of the error.

To use this API, username recovery must be enabled in the Cloud Directory identity provider.
Notifications can be branded by passing in the themeId as a query parameter. The templates for branding MFA notications are located at "authentication/mfa/".
For the email method, the email template for branding is at "authentication/login/cloud_directory/username/username_recovery.xml".
Pass in the themeId query parameter to brand the templates for notifications.