I was using EEM pointing to internal database and now I pointed it to an LDAP directory.
After that I changed EEM user permissions from Process Automation (pamadmin) and Service Catalog (spadmin) but I only are able to login to Process Automation.
If I try to log to Service Catalog I receive a message of user, password or business unit invalid.
This is my dev environment but the AD was my prod Env and I have the pamadmin and spadmin users created in this AD and it is working in Prod Env.
There are some more changes that I need to do to make catalog work?
Good Morning Paulo. Please explain in detail what you mean with:"After that I changed EEM user permissions from Process Automation (pamadmin) and Service Catalog (spadmin) but I only are able to login to Process Automation."
In general, before you configure EEM for AD, you need to create some 'objects' in AD first:Users: casmadmin, spadmin, pamadminGroup: OpenSpaceAdminGroup, with the above users as members
Kind regards, Louis.
These users and groups are already created and is working in Prod environment, because this AD is my prod server that is configured in my Prod EEM.
I need to do some tests so I pointed this same Prod AD to my Dev EEM.
After configuring AD in EEM I accessed the EEM PAM and Catalog Applications and configured the new spadmin and pamadmin user permission in the respective applications, but only PAM worked.
I was not able to login to Catalog.
Good Morning Paulo.
Can you login to EEM with userid(s) spadmin,casmadmin and pamadmin?
Do these userids show in the EEM Users list?
Yes, I´m able to login and the users apears when I search for users.
Hi Paulo. Thanks for your reply.
Why would you 'change the new spadmin and pamadmin user permission'.
As 'spadmin' is still 'spadmin', right? In both Prod and Dev environment.
By the way, it is better practice to have a separate AD for your Dev-EEM.
I changed the spadmin and pamadmin user permissions inside EEM respective applications for the AD users.
After not changing pam application permissions I was not able to log to pam.
But for catalog even changing permissions in catalog EEM application make me able to log to catalog.
Sorry, I am out of options now.
Perhaps some one else in the Community can help you further.
Otherwise, I propose to open a standard case for full Support and follow-up.
Thanks for your understanding and kind regards, Louis.
Thanks for help.
I will wait more time and if nobody in the community could help I will open a standard case.
I am not sure I fully understand what you are trying to accomplish, however it seems as if there may be some confusion as to how EEM integrates with Service Management apps. For PAM, EEM handles account role management; in the case of LDAP, authentication management is passed through. Altering PAM Accounts is done in EEM Directly. With Service Catalog it is a little different. While Service Catalog does utilize EEM, Users are not managed directly in EEM. Service Catalog is used directly for managing users and it stores the information in EEM for you. The following, may not be correct as I am not as familiar with Service Catalog but I believe the recommended configuration is that Service Catalog would be connected to LDAP separately from EEM for authentication. Once authenticated by SC in LDAP, permissions stored in EEM are used internally in Service Catalog.
Good Afternoon Paulo.
Are you okay with this? Or do you need to open a standard case?
Thanks and kind regards, Louis.