Though the PAM GUI says "ENTM Host Name or IP" on the login integration configuration page, PAM will connect directly to ActiveMQ on the specified server. This means that PAM can be configured to point to any IP or host name within the PAMSC architecture that has ActiveMQ running on it, including either Enterprise Management or the Distribution Servers. However, if the target endpoint is not subscribed to the Distribution Server that PAM is connecting to, ActiveMQ must be running on Enterprise Management in order for the integration to work.
For more information regarding the PAMSC login integration with PAM, please refer to the Implementation Guide. https://docops.ca.com/ca-privileged-access-manager/3-2/EN/integrating/ca-privileged-access-manager-server-control-login-integration