You cannot use transformed values in other transformations.
Where source attributes are multi-valued, such as memberOf, then all of the values are treated as discrete when evaluated for match conditions and if any of the values meet the condition the rule activates. Because of this, it is usually safer to avoid the negative matches such as 'does not contain' when working with multi-valued attributes and stick with the positive matches such as 'contains' or 'matches'.
An organisation has offices in 20 cities around the world. The directory they have connected to OpenAthens can pass the name of the office (e.g. Abuja office), but not the country. All users have access to the same set of resources and are not separated by sub-organistaion or permission set.