CA Process Automation was recently installed and pointed to an EEM server that had another ITPAM release installed.
The previous application was removed from EEM before ITPAM was installed; it had another user (ADMUSER) set as the ITPAM administrator.
Now the customer is unable to log in to ITPAM as pamadmin or as ADMUSER.
CA Process Automation r4.2 SP1 or higher
EEM r12.51 or higher
EEM configured to AD
Because the originally registered ITPAM application was removed from EEM, the ITPAM permissions usually granted to the administrator (pamadmin or any other user) were removed with it.
As a result, the user is unable to log in to ITPAM.
To resolve this, proceed as follows:
1. Log on to EEM in the Process Automation application as EiamAdmin.
2. Click Manage Identities and, in the Value field, enter the name of the user: ADMUSER. Next, click GO.
3. Click the user. The information about the user is displayed in the right pane.
4. Click "Add Application User Details". Note that the "Selected User Groups" list is empty.
5. Add all available groups to the "Selected User Groups" list and click Save.
You can now log in to ITPAM as user "ADMUSER".
Note: ADMUSER is an example user ID in this knowledge article.
Under "Manage Identities", select "Application User Details" and do a blind search. You may also find the "pamadmin" user listed as an "orphaned" user. That user should have the same rights described in this KB article and, as a result, is NOT an orphaned user. It is not a best practice to remove or disable the pamadmin user, as much of the PAM product documentation assumes access with the pamadmin user.