Because it isn't the address that signs the transaction, but rather the public keys of the address that sign the transaction. The reason the address can be identified is because the redeemScript of the multisig address is included in the input. The redeemScript is what makes the address, and it includes some more stuff other than the public keys.