So you will need to do a couple things.
1. In the health check policy you need to setup an after scan action. (snmp, COA) In my example Im using the agent so I send a bounce request the agent instead of the switch but for a web scan it could be a snmp or COA. Its up to the type of switch you are using and what is more efficient.
2. In you service that you setup to assign the role you need to check mark (Use cached Roles and Posture attributes from previous sessions) so when the device reconects you will have a posture toke associated with it.