Hello.
As an cppm administrator daily business has to be simplified where ever possible.
There are many reasons why an user access is rejected. One of them can be "Unique-Device-Count reached".
If you are working with the "Unique-Device-Count" and the limit is reached, the output in the Access Tracker looks like "Output: Enforcement Profiles: [Deny Access Profile]".
If you want it more specific the solution can look like this:
1. Copy the system defined Enforcement Profile "[Deny Access Profile]"
2. Adjust the name of the profile. For example --Deny Unique Device Count--"
3. Due to behavior of CPPM choose "Radius:Aruba Aruba-User-Role = deny" as Attribute
4. Make sure the Action of the new Profile is still "Reject"
5. Replace the old [Deny Access Profile] with the new one in your Enforcement Policies -> Rules -> Actions
Your Access Tracker entry for rejected users who reached the device limit should look like this now:
Summary: Enforcement Profiles: --Deny Unique Device Count--
If you find this solution useful or want to add something, please let me know.