diff --git a/services/identity/src/constants.rs b/services/identity/src/constants.rs
--- a/services/identity/src/constants.rs
+++ b/services/identity/src/constants.rs
@@ -10,6 +10,7 @@
 pub const PAKE_USERS_TABLE_PARTITION_KEY: &str = "userID";
 pub const PAKE_USERS_TABLE_REGISTRATION_ATTRIBUTE: &str =
   "pakeRegistrationData";
+pub const PAKE_USERS_TABLE_USERNAME_ATTRIBUTE: &str = "username";
 
 pub const ACCESS_TOKEN_TABLE: &str = "identity-tokens";
 pub const ACCESS_TOKEN_TABLE_PARTITION_KEY: &str = "userID";
diff --git a/services/identity/src/database.rs b/services/identity/src/database.rs
--- a/services/identity/src/database.rs
+++ b/services/identity/src/database.rs
@@ -19,6 +19,7 @@
   ACCESS_TOKEN_TABLE_PARTITION_KEY, ACCESS_TOKEN_TABLE_TOKEN_ATTRIBUTE,
   ACCESS_TOKEN_TABLE_VALID_ATTRIBUTE, PAKE_USERS_TABLE,
   PAKE_USERS_TABLE_PARTITION_KEY, PAKE_USERS_TABLE_REGISTRATION_ATTRIBUTE,
+  PAKE_USERS_TABLE_USERNAME_ATTRIBUTE,
 };
 use crate::opaque::Cipher;
 use crate::token::{AccessTokenData, AuthType};
@@ -94,6 +95,20 @@
       .await
   }
 
+  pub async fn put_username(
+    &self,
+    user_id: String,
+    username: String,
+  ) -> Result<UpdateItemOutput, Error> {
+    self
+      .update_users_table(
+        user_id,
+        format!("SET {} :u", PAKE_USERS_TABLE_USERNAME_ATTRIBUTE),
+        HashMap::from([(":u".into(), AttributeValue::S(username))]),
+      )
+      .await
+  }
+
   pub async fn get_access_token_data(
     &self,
     user_id: String,