Not sure if this is a feature request or a bug really, but I use the SSO feature of the WPMUDEV dashboard, I have noticed that it completely bypasses all security plugins (including yours) auditing of “someone has logged in”. Defender doesn’t put the login into the Audit Logs, Wordfence doesn’t alert me that an Admin has logged in. Fail2Ban doesn’t log it to the Auth.log.
This probably means that its bypassing all sorts of things behind the scenes (I assume the standard WP hooks are therefore not called).
Surely at Least Defender should be logging the access?