The username provided via SSO is now considered a suggested default. Users can change it if they want. It is also modified if the username is already taken: In this case, the new user does not get the username from the SSO payload but an automatically generated alternative. (In theory, this can also happen with this setting enabled, e.g. if you have multiple similar usernames with characters not allowed in Discourse usernames.)
This should not affect anything else, as all matching between the SSO payload and Discourse users is leveraging the external ID or mail if needed.
If you enable the setting again, users will immediately lose the ability to change their username on your site.
On each logon, the users’ name will be reverted to the one from the payload, if possible. Of course, this might not be possible (another user might already use that username), so users might still get suggested usernames that differ from the SSO one.
Assuming your SSO only provides username that are legal in Discourse and all user log in regularly, after some time, the usernames will all match again.