We should use UserID object to identify users instead of username.

chrome/browser/chromeos/login/saml/saml_offline_signin_limiter.cc

Index: chrome/browser/chromeos/login/saml/saml_offline_signin_limiter.cc
diff --git a/chrome/browser/chromeos/login/saml/saml_offline_signin_limiter.cc b/chrome/browser/chromeos/login/saml/saml_offline_signin_limiter.cc
index 42ee55c28901e3ae6076a0fdab812c39145b1234..289c0f6258bf4b6ac1c3071228891d4a5672a9d5 100644
--- a/chrome/browser/chromeos/login/saml/saml_offline_signin_limiter.cc
+++ b/chrome/browser/chromeos/login/saml/saml_offline_signin_limiter.cc
@@ -45,7 +45,7 @@ void SAMLOfflineSigninLimiter::SignedIn(UserContext::AuthFlow auth_flow) {
     NOTREACHED();
     return;
   }
-  const std::string& user_id = user->email();
+  const user_manager::UserID& user_id = user->GetUserID();
 
   if (auth_flow == UserContext::AUTH_FLOW_GAIA_WITHOUT_SAML) {
     // The user went through online authentication and GAIA did not redirect to
@@ -144,8 +144,8 @@ void SAMLOfflineSigninLimiter::ForceOnlineLogin() {
     return;
   }
 
-  user_manager::UserManager::Get()->SaveForceOnlineSignin(user->email(), true);
-  RecordReauthReason(user->email(), ReauthReason::SAML_REAUTH_POLICY);
+  user_manager::UserManager::Get()->SaveForceOnlineSignin(user->GetUserID(), true);
+  RecordReauthReason(user->GetUserID(), ReauthReason::SAML_REAUTH_POLICY);
   offline_signin_limit_timer_.reset();
 }