I tested this on BigFix 11.0.4 using the IEM CLI with an operator account that has a 24-character username, and I was able to authenticate successfully using iem.exe login. I also verified the session by running REST API queries afterward, so I couldn't reproduce the issue with a 24-character operator name.
I believe this is LDAP user if so something outside BigFix is interfering it.
This limitation likely stems from the Active Directory sAMAccountName (pre-Windows 2000 logon name) attribute, which has a strict 20-character limit for backward compatibility with legacy Windows and LAN Manager clients.