IT Process Automation

  • 1.  Logging into ITPAM as an LDAP user through EEM

    Broadcom Employee
    Posted Mar 07, 2012 11:30 AM
    CA Process Automation Tech Tip by Andy Thompson, Sr. Support Engineer, March 7, 2012

    The following tech doc has been posted to walk through enabling LDAP authentication to ITPAM via EEM.
    https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=TEC565739


  • 2.  Re: Logging into ITPAM as an LDAP user through EEM

    Posted Mar 29, 2018 01:41 PM

    Are we able to do pass-through authentication with LDAP? Want to put users into one AD group to use PAM and also not have to have users log into PAM and not have to add users to the PAM Application in EEM.

    Is that possible?



  • 3.  Re: Logging into ITPAM as an LDAP user through EEM

    Broadcom Employee
    Posted Mar 29, 2018 02:35 PM

    This is very possible, Paul. You can set up a Dynamic group to allow everyone basic PAM access, or a specific group.

    Please see:

    Dynamic Group Policy to enable PamUsers level permissions for everyone in Active Directory



  • 4.  Re: Logging into ITPAM as an LDAP user through EEM

    Posted Mar 29, 2018 02:42 PM

    The reason I asked was because the documentation calls for NTLM pass through and doesn't talk about LDAP. So I can set up EEM authentication with LDAP and set the "ntlm.enabled=true" in the OASISCONFIG.Properties on the PAM server and this will make it so the user doesn't have to log in again.



  • 5.  Re: Logging into ITPAM as an LDAP user through EEM

    Broadcom Employee
    Posted Mar 29, 2018 02:45 PM

    Sorry if I misunderstood your question. Unfortunately NTLM is Microsoft specific and will only work with Microsoft Active Directory.  

    Process Automation can authenticate users against other LDAP servers, but cannot do pass through authentication.



  • 6.  Re: Logging into ITPAM as an LDAP user through EEM

    Posted Mar 29, 2018 02:50 PM

    I have used LDAP in the past to connect to AD.  Just to confirm, so if there is one AD Domain we can set it up as NTLM authentication which will allow for the Dynamic AD Group to be assigned to PAM Users and then do the PAM server configuration to allow pass through.



  • 7.  Re: Logging into ITPAM as an LDAP user through EEM

    Broadcom Employee
    Posted Mar 29, 2018 04:12 PM

    Simply - yes.

    In order to utilize NTLM/Pass through authentication for CA Process Automation, EEM must be set up and connected to an external AD server.

    Connect EEM to your AD domain, follow the procedure outlined in the knowledge article provided by Michael, and as long as your users are logged in with their network credentials to their workstations, pass through authentication will work after having enabled NTLM in the oasisconfig.properties file for Process Automation.