Just to add we are also getting the same issues. I use FGT & FAZ. We are using FSSO and on the FAZ Report sometime the FSSO username is displayed, sometimes by ip address. Some occasions the same user is accounted twice by either his or her fsso username or pc ID.
And I found that the FGT detected "teiji-k@...ne.jp" as user name, which is also recognized as
"192.168.1.240(teiji-k@...ne.jp)" in the Fortianalyzer logs.
If you have device detection enabled on FGTs and no other definitive user identity info available (eg. FSSO or firewall authenticated users...), the FGTs can learn some un-official identities from the devices such as the email login teiji-k@...ne.jp etc and write the info to the traffic log. FAZ will use this information for reports.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.