I have set up a role to test. This role is reading for custom attributes to be matched to a certain value.
I was unable to get the role to populate with users. Upon playing around with it a bit, I noticed that if I change an attribute of the user I was hoping it would pick up, it would then force a refresh of some sort and the user would end up in the role.
I am not sure what version of IDM you are using, but in 6.5, if you are in the admin UI and you go into the authentication section, then inside of the session tab there is a switch that says “Enable Dynamic Roles”. Make sure that switch is turned on and saved. This should cause changes to your managed user to dynamically update themselves to the appropriate roles.