When the request is coming to the SP, the user identity is already authenticated in IDP side, and to pass this to the SP side for validation, it is done with the attributes included in the assertion. This is configured in the partnership settings. You may check in your current partnership (SP side) to check in the User Identification section which Identity Attribute is being obtained from the Assertion, and how it is being mapped to your current User Directories. You may choose a different attribute here as well.
In AdminUI, you can go to Federation > Partnerships > Modify your partnership > Go to step 2 (User Identification), and review the current settings to see which is being used to set the SM_USER afterwards
By default it is set to use the NameID in the assertion, and then it use the UniversalID attribute set in the User Directory used to set the SM_USER header.