Hi,
I created a custom Attestation policy from the copied of System entitlement memberships attestation. I triggered the Attestation policy on an employee.
I selected Deny as the decision. However, the UNSGroupB does not removed from the employee's UNSAccountB.
I have checked through the Configuration parameters - QER\Attestation\AutoRemovalScope\UNSGroupInUNSGroup\RemoveDirect is enabled.
May I know where else I need to check, in order for the membership to be removed from the employee, after the deny the attestation?
Thanks.