Looks like you’re right, I’ve looked at the code a bit and inside of authenticator_app.rb it does list the organization first:
def issuer
Setting.get('organization').presence || Setting.get('product_name').presence || 'Zammad'
end
Guess in my specific case our organization name led me to believe it was domain based instead. 
Regardless, letting one customize this in a more specific way would be super handy, as just the organization name doesn’t clearly communicate that it is the 2FA code for the Zammad instance. I would also be happy with it just prepending “Zammad” to the name automatically.