Hi there,
In order for Profile Merge rules to work, the auth state should be passed. The authenticated state (logged in) is mandatory if you want to target current authenticated or last authenticated visitors.
If you specifically want to suppress those visitors who have logged out, then you should use the logged out state in Visitor ID service implementation, upon user's logged out activity/time out.
Since you are using segments in Adobe Target, then there is no need to bother about the 3rd party ID syncs.
If you only wanted to target users within their logged in state, I would recommend 2 variations of Profile Merge rules, where the cross device data source should be checked, which should also be linked to your onboarded traits:
1. Current Auth + Profile Link device graph: If you want to target users only in their logged in state when they log in. This requires logged out state to be passed in Vis ID call. This will instantly qualify or disqualify linked devices even if they are not logged in.
2. Current Auth + Current device: Similar to point 2, but it does not disqualify or qualify other linked devices instantly. It lets you select upto 3 data sources in the Profile Merge rule.
Optional (recommended):
3. Last Auth + Profile Link device graph: (for maximum reach) This will target all the linked devices (upto 4) of a visitor, even if they log in on one of their devices. Linked devices will be unrealized or realized for the segments instantly in this case.
Thanks,
Varun Kalra