Primary Email and Discourse SSO

At my company, we use SSO to allow students to sign in to our help forums using the email they provided when signing up for our service. This works fine unless we have siblings sign up with the same email address. When this happens, it seems like there’s one account tied to the email address (maybe the first student that logged in?) that both students share. I usually can fix this issue by requesting unique email addresses for each student and changing the email addresses we have on file in our company’s DB. I tried this recently, but it seems like the data associated with the original email address does not belong to the email address but rather is scoped to the username. Is this the intended behavior? Did something change with a recent update (we’re on 2.9.0beta9).

For a concrete example, consider this:

Two users, Jenny and Tommy, sign up for our company's service
Their parents use the email address when registering

User Jenny signs on to the forum with SSO with an email address 
User Tommy signs on to the forum with SSO with an email address 

Tommy is really active, but Jenny is not. Whenever Tommy logs on, 
Tommy\ sees the username Jenny though, because they share the 
same email address.

Admin is alerted of the issue and does the following:
    - Logs Jenny/Tommy out
    - Changes Jenny's email address to in our 
    company DB
    - Logs in as Tommy
        - Confirm's Tommy "owns" the address
    - Logs in as Jenny
        - Confirms Jenny "owns" the email address

Admin notices that even though Tommy "owns" the 
address, the data associated with that address is still scoped to 
Jenny's username.

I’d love to have a way to make the user data “owned” by the email address, not the username, that way I can easily transfer user data between users based on the email address. If this is not possible, no worries. I thought it was possible before, but I may be mistaken.