You have the wrong JSONPath for the identity in the Manage Access step inside your loop.
You have this: $.trigger.identity.id
It should be this: $.loop.context.trigger.identity.id
More information on configuring the loop context can be found here: Operators - SailPoint Identity Services