SSL VPN - Identity

Question

Hi everyone, 
 First, I'm using XG 310, current firmware is SFOS 17.5.5 MR-5 
 Client user authentication by Active Directory 
 I have a domain VPN group called VPN_Users , allowed this group to SSL VPN under Policy members. 
 I have a domain account called jacky is a member of VPN_Users . 
 Client jacky access to SSL-VPN by domain account is successful. 
 Look at SSL VPN -> Identity -> Policy members -> jacky@example.com appear in the list. 
 Why does the jacky appear in the Policy members list even though he had already a member of VPN_Users group? 
 
 Can anyone give me an explanation? 
 Thanks all.

Hung Ho · Answer

Solved by myself. 
 Since Jacky was granted to Administrator so his acc added to Policy Members under Identity. 
 Possible to remove his acc out of Policy Members. 
 Thanks.