Revoking all access based on identity attribute change

You have the wrong JSONpath for the identity in the Manage Access step inside your loop.

You have this: $.trigger.identity.id
It should be this: $.loop.context.trigger.identity.id

More information on configuring the loop context can be found here: Operators - SailPoint Identity Services