Yes absolutely, in example. I've got these two users
(sede-mc3200) #show user-table
Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode Type Host Name
---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------ ---- ---------
192.168.50.116 90:00:db:6d:42:e4 CBRBO\irenemanzi office-role 00:00:55 802.1x RAP-SAIARINO Associated(Remote) renana_office/18:64:72:7a:5a:60/g-HT office-aaa split tunnel Android
192.168.50.119 f4:b7:e2:51:65:6f CBRBO\mauriziobrunazzi office-role 00:04:50 802.1x RAP-SAIARINO Associated(Remote) renana_office/18:64:72:7a:5a:60/g-HT office-aaa split tunnel Win 8
They are the same but in the PA I see only the second IP associated with the user, that is a Windows machine. For the first, I see the IP but not the user, in the PA, so it goes in the wrong policy.
Thank you for your prompt response,
Luca