Broken Contact Authorization in ITAM

Question asked by micah.garsidewhite on May 7, 2015
Latest reply on May 8, 2015 by micah.garsidewhite

We are running ITAM & SDM 12.9. SDM is set to have case insensitivity for the username. We are running EEM as a standalone authentication source. The Username in EEM does not match the exact case of the CA_Contact record in the MDB, but authentication is working correctly for all applications. When I select a contact record where the case is different between EEM and CA_Contact, the process creates a NEW CA_Contact record and authorizes the NEW contact record for ITAM.

Here is the process that I believe is followed:

1)  ITAM uses the EEM username to identify the contact record (I would expect it to use the UUID or at least the ca_contact userid)

2)  ITAM queries against CA_Contact to find the exact username (this doesn't respect the application level settings in SDM to ignore case)

3)  ITAM finds no match and creates a new contact record

4)  ITAM authorizes the new record for access for ITAM

5)  SDM is now broken for users that have cached the username that matches EEM for authentication

Functionally, I would expect that when I select a contact to authorize it for ITAM I would not create a new contact. I would also expect that ITAM would respect the SDM application level settings that case is insensitive (i.e. SomeUser@someplace.com is the same as someuser@someplace.com). Lastly I would expect ITAM to identify a contact record based on some attribute stored inside the CA_Contact table, rather than an unrelated field in a separate and non-editable system.

My only thought is to manually modify the contact record to match EEM before authorizing any user for ITAM. I would like to align the two systems, but I have no way of exporting the content from or editing the content in EEM. Any assistance is greatly appreciated, because I am going live with the ITAM system in 10 days and at this point any contact level data change will need to be a part of a formal Change process, because there is a risk of breaking SDM.
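
The lookup sequence described in the post above, modelled as an added example (not part of the original post and not CA's code). The `contact` table, its column names and the sample rows are a constructed stand-in in SQLite; `case_collisions` is one way to audit for contact records whose userid differs only by case.

```python
import sqlite3
import uuid

# Constructed stand-in for the contact table; table and column names are assumptions.
LOOKUP = {
    False: "SELECT contact_uuid FROM contact WHERE userid = ?",               # exact case
    True:  "SELECT contact_uuid FROM contact WHERE lower(userid) = lower(?)",  # ignore case
}

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE contact (contact_uuid TEXT PRIMARY KEY,"
               " userid TEXT, itam_authorized INTEGER DEFAULT 0)")
    db.execute("INSERT INTO contact (contact_uuid, userid) VALUES (?, ?)",
               ("uuid-0001", "someuser@someplace.com"))
    return db

def authorize(db, eem_username, ignore_case):
    """Steps 1-4 of the post: look up by username, create on miss, authorize."""
    row = db.execute(LOOKUP[ignore_case], (eem_username,)).fetchone()
    if row is None:  # step 3: no match, so a second contact record is created
        cid = "uuid-" + uuid.uuid4().hex[:8]
        db.execute("INSERT INTO contact (contact_uuid, userid) VALUES (?, ?)",
                   (cid, eem_username))
    else:
        cid = row[0]
    db.execute("UPDATE contact SET itam_authorized = 1 WHERE contact_uuid = ?", (cid,))
    return cid

def case_collisions(db):
    """Audit query: userids that are distinct records but equal when case is ignored."""
    rows = db.execute("SELECT lower(userid), group_concat(userid, '|') FROM contact"
                      " GROUP BY lower(userid) HAVING count(*) > 1").fetchall()
    return {key: sorted(ids.split("|")) for key, ids in rows}

if __name__ == "__main__":
    for ignore_case in (False, True):
        db = make_db()
        cid = authorize(db, "SomeUser@someplace.com", ignore_case)
        print(ignore_case, cid, case_collisions(db))
```

With the exact-case lookup the authorization lands on a newly created record and the audit query reports the pair; with the case-insensitive lookup the existing record is authorized and the audit is empty.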