Creating policies using the "Classic" and "EPM" modes (application based policies) are quite different especially if you are creating AZ policies that are based on a mutil-value string attribute.
For example, mail can contain multiple email addresses. But if you want to authorize the user, you should specify only 1 email address among the list. Classic and EPM modes have different syntax to do it.
To illustrate the configuration difference :
In classic mode in R12 SP3 in the policy we create the LDAP search expression using the Expression Editor as (email@example.com) and User Class as Search Users
In EPM mode use the "IN" operator rather than the "=" or the "LIKE"
Create an attribute mapping the user directory
*Value: (firstname.lastname@example.org IN email)
Create a role : Boolean(Multivalue)