The user identification rules include headers, TLS fingerprints , ip addresses etc. but not the XC WAF generated TS session cookie and this session cookie is available on F5 AWAF/ASM for session tracking. If the WAF is licensed on XC this will be a nice option.
Outside of that if the XC Bot protection is licences a nice integration will be to use the Device ID + that is generated by Shape security as a user identification as on F5 AWAF/ASM the Bot protection Device ID can be used for the session tracking. If the Bot Protection is licensed on XC this will be a nice option.