Based on the photo below from the admin guide, I'm trying to understand why you would choose one solution over another.
I think I understand why you'd want to use the TSA in conjunction with another solution. In environments with multi-user systems—such as Microsoft Terminal Server or Citrix environments—many users share the same IP address. In this case, the user-to-IP address mapping process requires knowledge of the source port of each client.
But why would you use say GlobalProtect instead of the Microsoft AD Server Monitoring solution? Wouldn't the act of logging onto the PC generate the user to IP mapping? If so, why would I configure GP?
One big one pro GP is for example when you put your AD on Azure, you can't easily read logs from there Syslog can be useful in a very mobile environment where users are logging on to access points or NAC solutions from systems that may not be AD integrated (or don't support 'windows')