Took a while but I managed to get it to work.
I assume you want whoever clicks on that link to be set as the affected end user once they log into SDM, single sign-on or not. You'll need to change a number of forms if you can't be sure which role the logged-in user is going to have when they actually log in but that's the trade-off of this solution as it depends on form customization.
I built on the idea I presented earlier that maybe you could do something based on a custom URL parameter. It turns out this works just fine, so first construct the url with something like this
http://localhost/CAisd/pdmweb.exe?OP=CREATE_NEW+FACTORY=cr+KEEP.foo=bar
Then on the detail form right before the last script block within the head block is closed, add these lines (might not be too picky about the location but that that's where I have the lines and I know it works)
<PDM_IF "$args.KEEP.foo" == "bar">
<PDM_SET args.customer="$cst.id">
<PDM_SET args.customer.combo_name="$cst.combo_name">
</PDM_IF>
Now every time the user clicks on your link there is the custom KEEP param on the URL which is then tested on the PDM_IF block and the $args variables are set with PDM_SET accordingly. Verified this works for requests, so adapt it for incidents and replace the KEEP param with something more sensible and you're good to go.