Based on the photo below from the admin guide, I'm trying to understand why you would choose one solution over another.
I think I understand why you'd want to use the TSA in conjunction with another solution. In environments with multi-user systems—such as Microsoft Terminal Server or Citrix environments—many users share the same IP address. In this case, the user-to-IP address mapping process requires knowledge of the source port of each client.
But why would you use say GlobalProtect instead of the Microsoft AD Server Monitoring solution? Wouldn't the act of logging onto the PC generate the user to IP mapping? If so, why would I configure GP?