This setup assumes that you have a front-end reverse proxy that performs authentication, which sets the authenticated user name as an HTTP header and pass it on to Jenkins.

According to this thread and this thread, Apache configuration to do this would something like this:

# prevent the client from setting this header
RequestHeader unset X-Forwarded-User

RewriteEngine On
# see the Apache documentation on why this has to be lookahead
RewriteCond %{LA-U:REMOTE_USER} (.+)
# this actually doesn't rewrite anything. what we do here is to set RU to the match above
RewriteRule .* - [E=RU:%1]
RequestHeader set X-Forwarded-User %{RU}e