The implementation needs urgent adjustment.
Passing the username is the name that is supplied by the identity provider. eg for Azure AD that will be the login the user has on the domain, which is also usually the primary SCM/RCS login name.
So instead this random user name appears which the user has no clue of, the help desk can’t find it in the Active Directory and more than that it is automatically added to the list of SCM accounts (why?).
Worse however is that the actual supplied login (the user’s actual domain login) is not added to the SCM account list (only the irrelevant invented one plus their email). So then blame doesn’t work unless somebody adds it manually.
It’s a poor implementation and needs a fix. At least allow us to pass an attribute that switches off this behaviour and use the supplied ‘login’ as intended; which is also added to the SCM account list so no follow-up activity is needed.