Yesterday we ran a stress test on our Splunk implementation. We use LDAP authentication and are currently hosting Splunk in Citrix. One user logged in as himself but noted, after a number of minutes, that the AppBar indicated that he was logged in as a different user. The user access level for both users is set to User and they do not know each other’s passwords. They are also using CAC authentication to get to the portal that is hosting Splunk.