The Identity policy set may or may not be evaluated when the user's settings are changed.
If it is not evaluated, we have to manually execute “Synchronize User”.
Release : 14.x
Component : IdentityMinder(Identity Manager)
The Identity Policy Set is evaluated when a task is performed, such as adding a role to a user.
For example, if you add a provisioning role from the User Console through the Change User task, the Identity Policy Set that accompanies the provisioning role is executed when you perform the Change User task.
However, if you add the provisioning role to the global user from the Provisioning Manager, the task will not be executed and the Identity Policy Set will not be evaluated.
If you update the global user, the task will not be executed because the changes will be updated by inbound sync to update the corporate user information on the user store.
If you perform an operation related to Identity Policy Set from Provisioning Manager, perform Tasks > Policies > "Synchronize User" from the User Console after the work.