You are using/installing it correctly.  The peruserconfig mode is both for devices that can be used by multiple different users - either concurrently or not.

The way it works is that for regular mode, the Netskope client installs one device-wide configuration based on the identity of the user that ran the install or used IDP to authenticate - and that identity remains the same regardless of what account is logged into the endpoint.  With peruserconfig mode, each user account gets it's own unique configuration so that each unique user's identity is used when connecting to Netskope.

Makes sense. In that regard, how do you all effectively review the "Client Status" on devices in which multiple users have logged in?

It's been my experience when I'm in Settings>Security Cloud Platform>Devices that:

• multi-user systems have a client status of "Multiple Statuses"
• depending on what user you select, you may get an Enabled or Disabled status

It's tedious at times to determine the primary/current user to see if there's an issue with the current state of the client.

Personally I think the default install should always be Multi User Mode (mode=peruserconfig). Even if only one user will be using the device for the most part there is really no disadvantage to multi user install and if someone else were to ever logon to the laptop it will then log traffic and more importantly apply the correct policies based on the logged on user. If the default install mode is used and a laptop is reissued to someone else or someone else logs in for whatever reason they are going to be getting the policies from whoever the very first person to logon to the machine is. 

I agree, peruserconfig should be the default for managed devices. 

How do i enable Multi User Mode (mode=peruserconfig) ?