Investigate detects invalid login

Login is attributed to the wrong user

CASB/Cloudsoc Gatelet Deployment , Endpoints routes the traffic using the "WSS Agent"

The main cause of the issue is the "Duplicate secondary IDs".

Cloudsoc enforces the uniqueness on the primary user id, though the condition is relaxed on the secondary user id, where multiple user accounts can share the same secondary id.

for example: [email protected]  and [email protected] can both have the secondary user id set to DOMAIN\USER

In case where multiple user accounts share the same secondary ID, the mapping process returns the first matching account, which may lead to reporting inconsistencies.

To prevent this issue, each Cloudsoc user must have a unique secondary ID.