In 'Captured Sessions' Identifier field is showing IP Address instead of User Id.
1. Not using correct Login Variable
2. Not using correct 'Session Identification Variable'
3. Application being monitored does not always require a login
4. Login page not being monitored
5. SSL key not applied
Note: The 'Login Variables' setting does not influence how user sessions are identified; it only affects how they are labeled in the 'Identifier' column of the 'Captured Sessions Log'. It doesn't influence how many sessions are captured--just whether they are labeled by the user name or whether they are labeled by the IP address.
Verify that the 'Login Variable' you are have entered into your configuration settings truly is the exact name of the variable that contains the user's actual 'login name'. You can use the 'Auto-Discover Login Variables' and try some test logins to the web site to help verify this.
The way to verify you have entered the correct 'Session Identification Variable' into your configuration is by drilling down on the User Session in the captured sessions log. Do you see the login page as the first page of the user session? If not, then you probably don't have the correct 'Session Identification Variable' configured. You need to use an identifier that is common across all Pages of the Application to tie the Session together.
Verify that the user actually enters their login name into a page during the session. The login names will only appear in the 'Captured User Sessions Log' if the user actually enters their login name into a page during the session. Some applications will cache the user's credentials so they are not required to enter a login name to access the application every time. In these cases, the IP address will appear in the Log instead of the login name.
Verify that the users are logging into a URL that is actually being monitored by the appliance. For example, perhaps the user logs into a portal that is not being monitored by the appliance and then they are redirected to the site the appliance is monitoring.
If the security/login portion of the website is SSL encrypted, ensure that 'Secure HTTP' has been configured--that the SSL key has been applied to that Server (in web console menu, Configure | Monitoring | Servers). If the login page is HTTPS and the SSL key has not been applied, the appliance will not be able to monitor the page in which the login occurs.