This issue is not actually related to Authentication and Authorization mapping; rather, there is a limitation of the IDM and SM integration.
We need to use a field in a member policy which is common (attribute reference name wise) in both user stores. If you use the user attribute "Access Role attribute" which doesn't exist in AD.
I believe you need to take care of two points:
1- Pick an attribute which has a common reference name to hold the access role information in both user stores (AD and the IDM-related user store).
2- Sync this attribute between these two stores whenever there is a change in access role information.
Please check the following documentation for more information:
https://docops.ca.com/ca-identity-manager/14-0/EN/configuring/ca-single-sign-on-integration/ca-sso-operations/how-to-configure-access-roles
Check the following note on this link:
Note: Define member policies that use only directory attributes, for example: title=Manager. If you define member policies referencing objects not stored in the user directory, such as admin roles, SiteMinder cannot resolve the reference.
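
The two points above can be checked offline against exports of both user stores. The following is an added example, not part of the original reply or the linked documentation: it lists the attribute names present in both stores (candidates for a member policy) and reports users whose value for a chosen attribute has drifted. The LDIF samples, user names, key attributes and the `accessRole` attribute name are constructed assumptions, and the parser handles only simple unfolded, non-base64 LDIF.

```python
from collections import defaultdict

# Constructed sample exports; every name and value below is hypothetical.
AD_LDIF = """\
dn: CN=alice,OU=Users,DC=example,DC=com
sAMAccountName: alice
title: Manager

dn: CN=bob,OU=Users,DC=example,DC=com
sAMAccountName: bob
title: Analyst
"""
IDM_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice
title: Manager
accessRole: HelpDesk

dn: uid=bob,ou=people,dc=example,dc=com
uid: bob
title: Manager
"""

def parse_ldif(text, key_attr):
    """Return {user: {attr_name_lower: set(values)}}, keyed by key_attr's value."""
    users = {}
    for block in text.strip().split("\n\n"):
        attrs = defaultdict(set)
        for line in block.splitlines():
            name, sep, value = line.partition(": ")
            if sep and name.lower() != "dn":
                attrs[name.lower()].add(value.strip())
        key = next(iter(attrs.get(key_attr.lower(), [])), None)
        if key:
            users[key.lower()] = dict(attrs)
    return users

def common_attributes(store_a, store_b, ignore=()):
    """Attribute names present in both stores: usable in a member policy."""
    names_a = set().union(*(u.keys() for u in store_a.values()))
    names_b = set().union(*(u.keys() for u in store_b.values()))
    return (names_a & names_b) - {n.lower() for n in ignore}

def drift(store_a, store_b, attr):
    """Users in both stores whose values for attr differ (sync has lagged)."""
    attr = attr.lower()
    out = []
    for user in sorted(store_a.keys() & store_b.keys()):
        a, b = store_a[user].get(attr, set()), store_b[user].get(attr, set())
        if a != b:
            out.append((user, sorted(a), sorted(b)))
    return out
```

With these samples, `accessRole` exists only in the IDM-side export, so it is excluded from the common set, and `bob` is reported because his `title` differs between the two stores.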