Issue is that on approving a CAC/PIV user fails PAM error like such: 

   Error: PAM-UI-2411: Error approving CAC User. Duplicate Password Authority username.  User not added. Please contact your system administrator.

While the Tomcat logs show the following footprint

    Nov 18, 2020 16:57:12 PM com.cloakware.cspm.server.dao.impl.AnsiSQLUserGroupDAO insertMember

    SEVERE: AnsiSQLUserGroupDAO.insertMembers adminAccountID=xxxxxxxxxxxxxxx@yyy is already a member of UserGroup ID=nnnn

Privileged Access Manager, all versions

The root cause is that an existing entry for the user still exits in a PAM internal  DB table. Possibly the previous approval failed due to another specific reason and that left the an orphaned DB entry for the adminAccountID (adminAccountID was essentially not marked deleted as required).

Please file a support case requesting help to correct a possible orphaned entry in a PAM internal DB table related to the adminAccountID.