User and group information is uploaded to the Symantec WSS Portal, but when you check the Auth Connector icon in Services, it randomly switches from connected to disconnected.
The primary cause of this is when the Auth traffic is routed through the IPSec tunnel used to redirect user traffic to the cloud service.
The Auth Connector needs a direct connection to the WSS Portal and the traffic can not be inspected. Create a rule in your firewall that redirects the Auth Connector traffic outside of the IPsec tunnel. For the destination, use the IPs of auth.threatpulse.com, which you can find here.