Release : 17.3
Component : EMBEDDED ENTITLEMENTS MANAGER FOR APM
Assumptions: ITAM and EEM are installed and integrated, and no external LDAP source is in play.
When a user is created in ITAM (Administration tab, "New User"), ITAM sends a signal to create a corresponding record in EEM. Creating a New User (Administration tab, "New User") is distinct from creating a New Contact (Directory tab, "New Contact"): creating a "user" generates a corresponding entry for that user in EEM, while creating a "contact" does not generate any activity in EEM to create a corresponding entry.
Once a given user has been created in both ITAM and EEM, any changes made to that user in ITAM will NOT be pushed into EEM.
Changes made to the given record in EEM can be pushed to ITAM, with the sole exception of the userid field, which is read-only within EEM. The changes from EEM are pushed into ITAM using the LDAP Sync Tool (Administration tab, "LDAP Data Import and Sync"). Using the LDAP Data Import and Sync tool requires the ITAM Services on the ITAM App Server to be running.
Summary of findings:
- Passwords can only be changed in EEM. No password fields exist in ITAM for either users or contacts.
- Usernames cannot be modified once they are defined. The userid field of the EEM entry is read-only, and EEM relies on it to sync its stored contact information with ITAM. If there is a need to change a username in EEM, the guidance is to delete the user in EEM, then recreate the record in EEM with the new userid specified.
- ITAM and EEM do not share the same backend database.
- Changes to a given contact record are generally one way, from EEM to APM. When using the LDAP Sync function in ITAM, first/last name and email address data in EEM overwrite the existing data in ITAM (records are matched on the userid field).