When you activate Mobile VPN with IKEv2, the Allow IKEv2-Users policy is automatically created
This policy allows the groups and users you configured for IKEv2 authentication to get access to resources on your network. By default, this policy allows access to all network resources.
The single group name IKEv2-Users appears in the From list of the Allow IKEv2-Users policy. Even though any other group and user names you added to the Mobile VPN with IKEv2 configuration do not appear in the From list, this policy does apply to all users and groups in the IKEv2 configuration.