APM can identify the users that are generating application traffic by correlating login records from your domain controller to the hosts found in flow records. Setup has three essential steps, as coordination is required between your domain controller, a monitoring point, and APM: all monitoring points within a single domain that should have user resolution enabled must be grouped together; you must then designate one of those monitoring points to be the login event collector, which receives logs from the domain controller via ssl; optionally, use a CA-signed certificate for the ssl connection. Step-by-step instructions are baked into the app under > user resolution setup.

Limited support: APM currently supports user resolution only in environments running Active Directory on Windows Server 2008 R2.