CSRF means Cross-Site Request Forgery and is a type of attack. Most likely it's a false positive. Aggressive caching may prevent JIG from adding users of external content sources. Try disabling W3 Total Cache plugin or other caching plugins just while you add your user. Once it is successful and saved, you can re-enable caching.