Currently unified login only looks at user object, so a local user could have the same name as a high security domain user and use that local object and login to Sage ERP 100.

To make this secure we need a field to out in a domain, if that was filled in it would query the user and domain object and that would fix this hole in security.