Hiding transcribe user when using JWT auth

I was able to get Jigasi working for both SIP calls and transcribe by setting PREVENT_AUTH_LOGIN on both my sip and XMPP users to false, and logging in via a user set up using org.jitsi.jigasi.xmpp.accc.USER_ID. When I use a user such as recorder@recorder.mydomain.tld, SIP users come into the call in the hiddenDomain (recorder.mydomain.tld). If I use a user such as myjigasiuser@auth.mydomain.tld, the transcribe user is not hidden. Changing PREVENT_AUTH_LOGIN on either of the users causes failure to log in due to token issues, and using BOSH on either seems to result in authentication failures as well. My BOSH reports itself to be correctly configured when I go to https://mydomain.tld/http-bind.

Can anybody walk me through what I may be doing wrong to get this to work or how to debug further?