Currently, you are required to specify a username and password in the config for this plugin. However, if you are using an SSO solution for login (such as GitHub or SAML), this will not work. It's also not best practice for a non-human to use a password.

Jenkins provides the ability to create API tokens for this purpose. We should have the option to configure an API token instead of username/password (optionally, for backwards compatibility of existing installations).