FAMAuth Admin

FAMAuth Admin 2.16

April 29, 2025

The primary objectives for this release are to allow org unit roles to be requested, improve existing features per suggestions from FAM application teams, address SonarQube findings, and fix issues discovered since the previous version.

Click here for more information

Installation

Verify that the “About” page displays 2.16.0.x for the version. If still 2.15.0.1 then use Shift-F5 to reload the page and verify again.

New or Changed Functionality

• Users can now request roles when requesting access to an organizational unit. At least one role must be requested when requesting org unit access.
• An email notification is now sent for org unit requests to users that can review, approve or reject requests for the requested unit, and that have “Org request notifications” enabled.
• Users can now cancel their own request that was submitted in error. New users can cancel using a link provided in an email. Existing users can cancel from the “View my requests” option on the FAMAuth portal.
• When adding a note to a request, a standard “Verification email sent” note can now be selected. In addition, when the Save button is clicked a new note is saved without first having to click the “+” button.
• A “View reviewers” menu item has been added to the “Pending requests” page, which can be used to help contact an approver for the application that can act on the request.
• The “App requested” column on the “Pending requests” page now allows filtering on multiple applications, by separating them with a semi-colon in the grid column filter.
• On the “Edit profile” and “View profile” pages a pagination control has been added to the “Requests” and “Org role requests” grids.
• Applications can now be configured to automatically reject access, role and org unit requests that have remained in the Pending queue for a specified number of days. This capability is disabled by default but can be enabled at the application level upon request.
• The “Last authorized” column is now displayed by default on the “Manage users” page.
• When a user is deactivated in the USDA eAuthentication system, they are now automatically unlinked from eAuthentication in FAMAuth. The user is also set to a status of Removed if they have no other login methods (not linked to Login.gov).
• First, middle, last and verification name fields now allow only alpha-numeric and the following special characters: dash, space, apostrophe, period, comma and backtick.
• A user with the “Application manager” role can now delete an application, including all instances, roles and user access.

Reports Changes

• None.

Defects Fixed in this Version

• Viewing the similar users for a reactivation request has been fixed to exclude the requesting user.
• The “Agency” column on the “Manage users” page has been fixed to not be displayed by default.
• A defect on the “Manage users” page has been corrected when using the advanced search in combination with grid column filtering.
• The error message shown when a second session of FAMAuth Admin is launched has been corrected.

Additional Changes

• The client and server have been upgraded to resolve findings in SonarQube to meet milestones for POAM 35405.
• Web service calls to OIS for organizational information are now performed using a GET, as a precursor to CSRF enforcement.
• The User Lookup web service is now available as a REST service. The existing SOAP service will be removed in a subsequent version, when it is no longer in use by any applications.
• The client has been upgraded from Angular v15 to v18.
• The server has been upgraded to Spring Boot v3.3.10 and Spring Security v6.3.8.

FAMAuth Admin 2.15

February 25, 2025

The objective for this release is to upgrade server components for remediation of security vulnerabilities.

New or Changed Functionality

• None.

Reports Changes

• None.

Defects Fixed in this Version

• None.

Additional Changes

• The server has been upgraded from Spring v5 to v6.
• The server has been upgraded from Apache Tomcat v9 to v10.

FAMAuth Admin 2.14

February 11, 2025

The primary objectives for this release are to streamline the process for seasonal users by allowing users in the Removed status to request reactivation, improve existing features per suggestions from FAM application teams, and fix issues discovered since the previous version.

New or Changed Functionality

• Users in the “Removed” status can now submit a request to be reactivated, along with the application they need to access. The request can then be approved or rejected like any other application request on the “Pending requests” grid. A “Reactivation” column has been added to indicate these requests.
• New users are now required to enter the State of their primary work location or station. Existing users are allowed to optionally provide this when editing their profile. The state is also now included in the user information returned to FAMAuth client applications during the login process.
• For application roles configured with “Precedence”, users assigned the role with the highest precedence are allowed to assign that role (and all roles with lower precedence). For example, users with the Support role for WFDSS NextGen are now allowed to approve and assign the Support role.
• The “Application and role access” panel on the “Edit profile” screen now displays only those applications that the user is allowed to assign access and roles. A “Show all” checkbox has been added to allow the user to see all applications, including the ones they are not allowed to edit.
• A “Search access” filter has been added to the “Application and role access” panel on the “Edit profile” that filters the records by application name, abbreviation and role name.
• Users that are allowed to process requests because they are assigned a role with the Process Access Request operation are now notified via email for each new request. Email notifications can be turned off on the “Edit profile” screen.
• Emails sent to the user and the verification contact now contain more information about the user, including first and last name, email address and agency or company.
• Email can now be sent to all users with access to FAMAuth Admin by selecting “FAMAuth Admin” in the application dropdown on the “New email” screen.
• The number of users an email was sent to is now recorded and displayed in the “User count” column of the “Email users” grid.
• Application roles that are configured to be assigned by default are now required to also be requestable.
• Management of application approvers has been moved from the “Manage applications” screen to its own screen. Users with the “Manage approvers” role are allowed to access the new screen.
• Users with access to both a password application (FTP or ICBS) and a FAMAuth application and that have not logged into their FAMAuth application (IROC, etc) for 60 days are now required to reactivate.
• The “Add user” button and screen has been removed.

Reports Changes

• Removing and adding a column back to the grid on a report now adds the column in the same place, rather than at the end of the row.
• RPT-10 has been fixed to allow filtering by org unit role when also filtering by an application instance.
• The “Approver Manager” role has been added to RPT-01.
• The new “State” attribute for users has been added to RPT-04, RPT-05, RPT-08, RPT-10 and RPT-11.

Defects Fixed in this Version

• The “View request” screen has been fixed to not show a role requested for a different application.
• A defect on the “Request application access and roles” screen that sometimes removed a user’s existing access has been corrected.
• Whitespace is now removed when entering a new password on the “Change password” screen, to resolve the issue where pasting a new password into the field resulted in a space being added to the end of the password.
• Changing a password now updates the “Last authentication” date for the user to correct a problem where users could become Disabled prior to 180 days passing.

Additional Changes

• Role assignments are no longer stored in LDAP.
• The server has been upgraded to Spring Boot v2.7.18 and Hibernate v5.6.15 as well as upgrades to other open source libraries.
• The server has been upgraded from Java v11 to v17.

iNAP 2.13

July 16, 2024

The primary objectives for this release are to rebrand “iNAP” as part of “FAMAuth”, simplify assigning of org unit roles, improve error messages and email communications to provide better guidance to users, and fix issues discovered since the previous version.

New or Changed Functionality

• The term “iNAP” has been replaced by “FAMAuth” (or in some cases, “FAMAuth Admin”) throughout the application. Going forward “iNAP” is considered to be part of “FAMAuth” and referred to as such, except in certain cases where it is helpful to distinguish it as “FAMAuth Admin”.
• By default, the “Edit org unit roles” screen now displays only those org units that the user is allowed to assign roles for. The “Show column filters” check box has been added to allow the “org unit role access” to be filtered for those users with access to many org units.
• Emails sent using the “Email users” feature now support formatting, including hyperlinks. Attachments may also be included. The history of previously sent emails is also now displayed on the “Email users” screen.
• When requesting access and the verification contact matches the user’s information, the error message has been improved and is also immediately displayed to reduce confusion.
• Emails warning of impending inactivation or removal are no longer sent for users that do not have access to any applications.
• The email warning for impending inactivation, and the email notification of inactivation have been re-worded for clarity.
• The advanced search on the “Manage users” page now allows searching by eAuthentication or Login.gov email. The “Identity Provider E-mail” column has been added to the grid in support of this feature.
• An optional description may now be provided for application roles, which will be shown when users are requesting access and roles.
• The “Has SSRS reports” check box, “Version” text box and “URL” text box have been removed from the “Add/edit application” page.
• Sorting indicators have been added to the column headers for all grids.
• The term “account” has been replaced by “user” throughout the application.
• The header has been updated for consistency.

Reports Changes

• Reports have been migrated from SQL Server Reporting Service (SSRS) to a new Reports screen within the application, which is still accessed via the same “Reports” button as before.
• The “Non-privileged account review (RPT-02)” report has been added to facilitate the annual security audit.
• The “Org unit(s) with no users” standard report has been corrected to show only one row per organizational unit.

Defects Fixed in this Version

• The “Forgot my username” feature has been fixed for users that login using eAuthentication.
• The “Application Access Requested” email is no longer sent to approvers for applications without a default role when the user is auto approved.
• The error message for an inactivity timeout, or an unexpected error have been corrected.
• Pending requests on the “Home” screen are now refreshed after one or more requests are processed on the “Pending requests” grid.

Additional Changes

• None.

iNAP 2.12

April 2, 2024

The primary objectives for this release are to simplify assigning of roles, allow email messages to be broadcast to application users, provide improvements for admin users, and fix issues discovered since the previous version.

New or Changed Functionality

• Assigning application roles to a user is now performed on the “Edit profile” page from the “Edit profile” menu item. The “Edit application roles” menu item and page have been removed.
• When entering or updating the UEI for an IROC vendor, the value is now validated to exist in SAM.
• An application with multiple roles defined in iNAP can now be configured so that a user can only request one role, and only one role can be assigned to a user.
• Application approvers can now send email to all users for an application, using the “Email users” menu item under the “Accounts” menu button.
• Users can now be fully deleted from the system, using the “Delete user” menu item for a selected user.
• The page header has been updated to “Wildland Fire Application Portal – FAMAuth” to provide a more seamless user experience.
• The message board has been removed as it has now been replaced by the “User Notices” panel in FAMAuth.
• The grid on the “Applications” page can now be filtered by application abbreviation. Additionally, the “Instances” column has been replaced by “Abbrev” and “Instances” columns.
• The “Application access” column has been added to the “Manage accounts” grid, and the “Advanced search” now allows all users of an application to be displayed in the grid.
• The “Export to Excel” button has been added to the upper-right of the main grids (“Manage accounts”, etc.). This button performs an export of the current data (all pages) and displayed columns in the grid.
• The error message displayed for a user in the Removed status has been updated to provide better information.
• Users are no longer allowed to submit a request with a verification contact that is the same as the user’s information based on first and last name, or email address or phone number.

Reports Changes

• The “Account status” dropdown on the “iNAP-04 User account status” standard report has been corrected to show “Expired Password” instead of “Expired”.

Defects Fixed in this Version

• Apostrophes are now permitted in the first name, last name, and job title for verification contacts.
• The pagination control on the “Manage approvers” page has been centered for consistency.
• Changing the name for a non-password user has been corrected to place the user in the Active status rather than Temporary Password.
• Reactivating a disabled password user has been corrected to send a working temporary password to the user.

Additional Changes

• A “client_url” parameter can now be added to the napRedirectURL that is provided when the “me” service returns “authorized=false”. The client_url will be redirected to upon completion in iNAP of the following flows. This can be used to prevent the user from having to click their tile again in the FAMAuth portal.
  • Accept Rules of Behavior
  • Self-reactivation after 60 days of inactivity
  • Request access that is auto-approved
• The “allowFamauthAdminFlag” has been added to the “Get profile” web service.
• Organizational units and roles have been added to the “Get application users” web service.
• The iNAP server and the Onboarding client have been upgraded to Spring Boot v2.5.15 to address security vulnerabilities.
• The iNAP client has been upgraded from Angular v10 to v15.
• The iNAP server has been upgraded from Java v8 to v11.

iNAP 2.11

February 20, 2024

The primary objectives for this release are to inactivate users after 60 days, remove the iNAP portal, fix issues discovered since the previous version and perform upgrades.

Installation

Fire FTP users must link an eAuthentication or Login.gov account to their iNAP user by logging into FAMAuth (https://famauth.wildfire.gov) and clicking on the FTP tile.

For application aprovers: Emails from iNAP for access and role requests received prior to the deployment should be deleted. The "Click here" link in these emails will be invalid. The link will be valid in emails received after the deployment.

New or Changed Functionality

• Users are now inactivated by the system after 60 days of not logging into an application and will be changed to a status of Inactive. Inactive users can self-reactivate by entering a PIN that is emailed to them. After 330 days of inactivity the user must contact the Help Desk to be reactivated. Password users (FTP and ICBS) are not subject to this inactivation and must still change their password every 60 days (after which their status is set to Expired Password).
• The iNAP portal (https://nap.nwcg.gov/NAP/) has been removed. All functionality that was supported by the iNAP portal is now supported by FAMAuth (https://famauth.wildfire.gov). Fire FTP and ICBS users will need to use the "Change or reset iNAP password" menu item in FAMAuth to maintain their password.
• The "Pending requests" grid now allows multiple requests to be selected and rejected at the same time. A single reject reason will apply to all of the requests.
• The "Request origin" column has been removed from the "Pending requests" grid.
• The eAuthentication and Login.gov information for a user is now diplayed on the "Process request" page.
• Users without access to any applications are no longer considered password users. Username and password emails are no longer sent when reactivating a removed user that does not have access to any applications.
• The "Pwd user" column has been added to the "Manage accounts" grid. This column displays Yes for users that are required to maintain a password (have access to FTP or ICBS), and No otherwise.
• Recent requests by the user for org unit access are now displayed on the home page.

Reports Changes

• Standard reports have been updated for removal of the Locked status.

Defects Fixed in this Version

• The format of some emails sent to users have been corrected for inconsistencies.
• An error message is now displayed when duplicate application instances and roles are entered, rather than silently removing them.
• The reCAPTCHA is now shown when a vendor is requesting access to IROC.
• Users may now cancel on the Confirm Additional Access page to cancel their request.
• An error that occassionally caused multiple rows to be selected when clicking on a pending request has been corrected.
• The tool tip for the search text field on the pending requests grid is now displayed.
• An error that prevented some users from changing from Disabled to Removed after 330 days of inactivity has been corrected.

Additional Changes

• The iNAP client has been upgraded from Angular v10 to v15.
• The iNAP server has been upgraded from Java v8 to v11.

iNAP 2.10

September 26, 2023

The primary objective for this release is to migrate iNAP to the Tomcat web server, provide improvements for admin users, and fix issues discovered since the previous version.

New or Changed Functionality

• The iNAP role for Org Unit Manager has been replaced by iNAP operations that can be assigned to any org unit-specific role (for example, the Center Administrator role for WildCAD-E).
• The Notes column on the Pending Requests grids has been changed to “Notes by”, and now displays the names of users that have added a note to the request.
• Users will now receive email informing them when they lose access to an organizational unit due to inactivity.
• Emails sent to FAMAuth users have been updated to reference https://iwfirp.nwcg.gov instead of https://nap.nwcg.gov.
• Users must now complete a reCAPTCHA challenge when requesting a new user. In most cases this will entail simply clicking an, “I am not a robot” checkbox. It is also possible that the user could be presented with a more complex challenge.
• Email addresses are now allowed to contain apostrophes (ahead of the @).
• Release notes may now be viewed from the Help menu.

Reports Changes

• The “iNAP-10 Org unit-specific role(s) by user” standard report has been corrected to return all names (including those past the letter “r”).

Defects Fixed in this Version

• Alignment options for formatting are now displayed when adding an entry on the Message Board.
• The Hierarchy Code field on the Edit Application page is now restricted to a maximum length of ten characters.
• An error that was causing the times on a Message Board entry to be advanced one hour on each Save has been fixed.
• The “account was disabled or removed” email is no longer sent to user profiles when the Keep Disabled option is used.
• The Vendor Contact Account Manager role is no longer shown on the Edit Profile screen.
• The “Part-time/seasonal” checkbox has been corrected on the View Profile screen.
• The search dropdown now includes the “Requests” option for users with a role that has the Process Access Request operation.
• Organizational unit roles are now removed when a user’s access to the unit expires.

Additional Changes

• The iNAP server has been migrated from IBM WebSphere to Apache Tomcat.
• The iNAP server has been refactored for simplification and efficiency.
• The iNAP data model has been refactored for simplification.
• The Central Authentication Service (CAS) component of iNAP has been removed.
• The Get Profile and Authorize User web services have been decoupled for maintainability.

iNAP 2.9

March 28, 2023

The primary objective for this release is to provide role enhancements in support of the Wildland Fire Decision Support System (WFDSS), and fix issues discovered since the previous version.

New or Changed Functionality

• An application role can now be given access to any of the following iNAP operations:
  • Access Reports
  • Edit User Account Application Roles
  • Maintain Application Access
  • Process Access Request
  Users granted the application role can perform the specified action within iNAP on other users of the application.
• An application role can now be assigned a precedence. In combination with the access to iNAP operations described above, users are only able to grant roles of a lower precedence than the highest precedence for a role that they have been granted.
• The Rules of Behavior screen has been optimized for display on mobile devices.
• Users are no longer allowed to approve their own requests for application access, application roles and organizational unit access.

Reports Changes

• “Dispatch center” has been replaced with “Org unit” as a more general term for applications that require access and roles at specific organizational units but are not focused on dispatching.
• “Application” has been added to the “iNAP-06 Org Unit(s) and Org Unit Managers” standard report.
• The “iNAP-07 Org Unit(s) with no Org Managers” standard report has been added.
• The “iNAP-07 Org unit(s) and their User(s)” standard report has been incremented to iNAP-08. “Application” and “Expiration Date” have been added to this report.
• The “iNAP-09 Org Unit(s) with no Users” standard report has been added.
• The “iNAP-08 Org unit access and org unit-specific role(s) by user” standard report has been incremented to iNAP-10. “Application” and “Expiration Date” have been added to this report.

Defects Fixed in this Version

• The error message when processing an org unit request for a removed user has been updated to change the term “dispatch center” to “org unit”.
• Org unit access is no longer added by default when a user with the Org Unit Manager role is assigned to manage an organizational unit if the user does not have access to the application.
• Agencies that do not have any associated organizational units are now allowed to be selected when creating (or updating) a user.

Additional Changes

• The Get Application Users web service is now available as a REST service (in addition to SOAP). The SOAP service will be retired when no longer in use.

iNAP 2.8

February 28, 2023

The primary objective for this release is to provide enhancements to the organizational unit access functionality in support of the Fire Environment Mapping System (FEMS), and fix issues discovered since the previous version.

New or Changed Functionality

• “Dispatch center” has been replaced with “Org unit” as a more general term for applications that require access and roles at specific organizational units but are not focused on dispatching.
• Assigning and removing roles for organizational units is now performed via the “Edit org unit roles” menu item, instead of “Edit profile”.
• A hierarchy in the Organizational Unit System (OIS) must now be defined on the “Add or Edit application” screen for any applications within iNAP that have at least one organizational unit role (the “Org unit-specific” checkbox is checked).
• Users with the “Org unit manager” role are allowed to approve requests for and assign or remove access to the organizational unit(s) they have been assigned to manage, as well as children organizational units within the hierarchy defined for the application. For example, a FEMS user that has been assigned to manage a Geographic Area Coordination Center (GACC) can manage access for the GACC as well as all Sample Site Groups and Sample Sites under the GACC.
• A user’s access to an organizational unit (including dispatch centers) can now be marked as temporary, with an expiration date after which the access is automatically removed.
• The “iNAP is system of record for role assignments” checkbox has been removed from the “Add or Edit application” screen.

Reports Changes

• None.

Defects Fixed in this Version

• Intermittent clearing of the “Org unit” entry field when requesting access to an organizational unit has been fixed.
• When viewing a user’s access to organizational units the username of the approver for the access is now displayed for consistency.
• When displayed in mobile view, the main menu has been corrected to include the administration menu items.

Additional Changes

• The “dispatchCenters” attribute in the response from the user authorization web service has been changed to “orgUnitAccess”. This change carries through to the “napUserProfile” returned by the FAMAuth “me” service.
• The URL to launch the iNAP “Edit profile” screen has been added to the authorization web service response, to allow applications to provide users with a link for editing their profile.
• Menu item names and display sequence are now supplied to FAMAuth so that future changes to the menu items will not require any code changes within FAMAuth.
• The Hibernate spatial library, which includes the PostgreSQL library has been removed from the iNAP server to remediate a security vulnerability.

iNAP 2.7

October 25, 2022

The primary objectives for this release are to provide enhancements to the role capabilities within iNAP, use FAMAuth for authentication, improve reports, and fix issues discovered since the previous version.

New or Changed Functionality

• The iNAP role capability has been enhanced to allow users to be assigned one or more roles per dispatch center. Role assignment is performed by users holding the Center Manager role, for the dispatch center(s) that they manage.
• Users with iNAP roles such as Account Manager and Password Reset must now launch iNAP from the FAMAuth portal to access those functions. Users may still login to the iNAP portal with their iNAP username and password, but only for the purpose of launching applications from the portal or self-managing their profile.
• The iNAP and OIS reports portal (SSRS) is now authenticated using FAMAuth.
• Users now have the option to add one or more alternate email addresses to their profile, and to designate if they wish to receive notifications from iNAP at each alternate email. Alternate emails are subject to the same uniqueness rule as primary email such that all email addresses in iNAP may only have one occurrence.
• The default on the “View profile” screen is to show only the application instances which the user has access to, with a “Show all” checkbox to show all application instances.
• The order in which application roles are displayed can now be specified (previously they were always displayed in alphabetic order).
• Application roles can now be designated such that they cannot be requested by a user and can only be assigned by an account manager with application approver privileges for the application.

Reports Changes

• The “iNAP-09 Pending IROC vendor requests” standard report has been added to simplify the approval process for vendors.
• The dropdown values in the report parameters have been pre-filtered to include only values that are applicable. For example, when showing available users on the “iNAP-07 Dispatch centers and their users” only users that are associated with at least one dispatch center are included in the User(s) dropdown.
• Data fields in the Analytical Datasets are now displayed alphabetically when running the Table and Matrix wizard within the Report Builder application.
• Application access data in the analytical datasets now includes historical audit data such that access that has previously been removed from a user can be reported on.
• Analytical datasets have been added to fill the gaps between the initial SSRS analytical dataset implementation and the Cognos Analytical Reports.
• The placement and sorting of the “Org/Company” column on the “iNAP-05a Application Access and Role Assignments by Org” standard report has been updated for consistency.
• Dispatch centers with no users can now be excluded from the “iNAP-07 Dispatch center(s) and the user(s)” standard report.

Defects Fixed in this Version

• Inactive user sessions are now signed out even when the browser is minimized.
• The default for the “Notify manager of new request” checkbox has been corrected when clearing all managed dispatch centers from a user profile.
• The tool tip for the “Organization unit” field has been corrected when more than one search is performed.
• The data collected for the “Seasonal” flag when requesting a new user has been corrected to “T” and “F”.
• Extra characters in the username associated with a Delete action in the iNAP audit data have been removed.
• Duplicate emails are no longer sent to application approvers for applications with multiple roles.
• Apostrophes are now allowed in the reason when rejecting a request.
• Prompt text is no longer displayed for the “Dispatch center” field on the “View profile” screen.

Additional Changes

• Elevated accounts (usernames starting with “ad.”) have been removed from iNAP.
• Reviewer and Approver data has been changed from a first and last name to a username. This change allows the elevated accounts to be removed from iNAP.
• The iNAP authorization service can now be called by FS Apps E to authorize any application.
• Support for the “Request dispatch center access” menu item in FAMAuth has been added.
• The iNAP server has been upgraded to Spring v5.3.22.

iNAP 2.6

June 14, 2022

The primary objectives for this release are to provide enhancements requested by partner applications, improve reports, and fix issues discovered since the previous version.

New or Changed Functionality

• New user and access requests can now be automatically approved based on a whitelist of email addresses. If the email address entered on the request matches an email address on the whitelist, then the request is immediately approved by the system.
• Rules of Behavior (ROB) are now accepted when requesting a new user, rather than accepting them upon the first login.
• The order in which application instances are displayed can now be specified (previously they were always displayed in alphabetic order).
• Application instances can now be designated such that they cannot be requested by a user and can only be assigned by an account manager with application approver privileges for the application.
• Email addresses with extensions up to ten characters are now allowed.

Reports Changes

• The standard reports have been renumbered to allow grouping of similar reports.
• The “iNAP-05b Application access and role assignments by org” standard report has been added.
• Updated the configuration for SSRS to allow selection of “All users” in the standard reports.
• The standard reports now allow sorting by column.
• Corrected the Application Access dataset to improve performance and allow reporting on the Last Application Authorization Date.
• The analytical datasets have been moved up one level to the Analytical datasets folder.

Defects Fixed in this Version

• The nightly process that updates user accounts has been corrected to remove access to application instances for inactivity when the user has access to other, inactive application instances.

Additional Changes

• The Get Profile web service has been updated to return a flag indicating if the user has any iNAP roles. This information is being added to support enhancements in a future version of the FAMAuth portal.

iNAP 2.5

April 19, 2022

The primary objectives for this release are to allow users to request additional access from the FAMAuth portal, add request and approval for dispatch center access, and fix issues discovered since the previous version.

New or Changed Functionality

• Users can now edit their profile and request additional access from the FAMAuth portal.
• Access to dispatch organizations can now by requested be any user of iNAP and approved by iNAP users with the Center Manager role for the dispatch. Only dispatch organizations that have a user with the Center Manager role can be requested (so this feature will not be active until at least one such dispatch exists).
• Elevated (or “ad”) accounts are no longer used for iNAP administration. The iNAP roles for Account Manager, Application Manager and Password Reset are now assigned to standard accounts. This does not remove “ad” accounts from iNAP so applications that still rely on “ad” accounts will not be affected.
• The “E-Mail confirm” field has been added when entering or updating user information, to reduce the chance of a mistyped e-mail address.
• The email sent when a user is removed has been updated to provide an accurate reason for the removal.

Reports Changes

• Two standard reports have been added:
  • iNAP-07 Dispatch Center(s) and Center Managers
  • iNAP-08 Dispatch Center(s) and their Users
• Standard reports have been corrected to show the organization name when user has an “Other (not listed)” organization.
• Organization and company names in the dropdown for the report parameters are no longer truncated.
• Multi-selection parameters have been fixed to work for values that include commas.
• The word “Elevated” has been removed from iNAP reports.
• Capitalization of report names is not consistent for iNAP standard reports.

Defects Fixed in this Version

• A defect that prevented the user from linking their iNAP profile after requesting multiple applications from the iNAP portal has been corrected.
• The process that synchronizes data from OIS has been corrected to apply an update of the agency for an organization to only the users with that organization.

Additional Changes

• The log4j libraries used by the iNAP server have been upgraded to v2.17.2.

iNAP 2.4

January 25, 2022

The primary objectives for this release are to improve efficiency for the iNAP approvers, and fix issues discovered since the previous version.

New or Changed Functionality

• The “Password resets” screen has been added to allow account managers and help desk users to see password resets that have been performed and the user has not updated their password. Newly created accounts are also shown if the password has not been updated.
• Multiple requests for a new user with the same email or name are no longer allowed. The first request must be processed before any more requests are allowed.
• The “Request account” screen has been updated to emphasize that access can be requested for multiple applications and instances.
• Linking an iNAP user profile to eAuthentication or Login.gov is now accomplished via a PIN sent to the email address for the profile, rather than requiring a username and password.
• Launching an application (such as IROC) from FAMAuth is now counted as activity that prevents removal of an iNAP user profile (after 330 days of inactivity).
• Application access and role history are now shown for a user profile.
• Approvers can now update a new user’s name on the request, instead of rejecting the request and having it submitted again.
• When updating the name of an existing user an option is now provided to maintain the current username(s).
• Notes added to a request by approvers are now associated with an application.
• When linking to eAuthentication or Login.gov, the user is informed if they enter an email address for which a new user request already exists.
• Email addresses with extensions up to five characters are now allowed.

Reports Changes

• The iNAP standard and analytical reports have been migrated to Microsoft SQL Server Reporting Service (SSRS). The Cognos reports are still available, but will not be updated going forward, and will be removed once the user community is satisfied with the SSRS replacement.
• The iNAP-06 Application Access and Role Assignments standard report has been added to provide reporting on application and role assignments.

Defects Fixed in this Version

• The data that was causing the “missing required fields” error for some users when requesting application access has been corrected.
• Notes added to a request by an approver no longer cause the request to be shown multiple times when the user is viewing their requests.
• The Add/Edit Message screen has been corrected for a misspelling, and to limit the Subject field to 50 characters.

Additional Changes

• The authorization web service has been enhanced to support the simplification of FAMAuth authentication and authorization.
• Web service(s) have been added for future changes to allow editing of a user profile from FAMAuth.
• The iNAP server has been upgraded to SpringBoot v2.4.11 and Spring Framework v5.3.10.
• The iNAP client has been upgraded to Angular v10.

iNAP 2.3

June 15, 2021

The primary objectives for this release are to encourage users to self-status prior to their account being disabled, and fix issues discovered since the previous version.

New or Changed Functionality

• Users are now warned prior to their account being disabled to provide another opportunity for the user to self-status their account without having to call the Help Desk. Accounts are disabled 180 days after the last login to the account, and the warning email is sent 10, 5, 4, 3, 2 and 1 day prior to the account being disabled.

Reports Changes

• The underlying model for Analytical Reports has been updated to align with database changes.

Defects Fixed in this Version

• The advanced search criteria on the Manage Accounts screen are now cleared and hidden when similar users are displayed via the Process Request page.
• Checking and unchecking the “Include removed” checkbox on the Manage Accounts screen has been fixed to filter correctly.
• The “unexpected error” when rejecting a new user with roles has been fixed.
• The status of a rejected user account request for an application role on the View Request screen has been corrected.

Additional Changes

• The authorization web service has been enhanced to support the simplification of FAMAuth authentication and authorization.

iNAP 2.2

April 27, 2021

The primary objectives for this release are to streamline onboarding of vendors for IROC, provide improvements for role management, and fix issues discovered since the previous version.

New or Changed Functionality

• DUNS and UEI are now captured for vendor account requests and profiles and provided to IROC to streamline the process of associating the iNAP profile to their company within IROC.
• Requests for additional application access from an existing user are now subject to automatic approval if the application being requested is configured for automatic approval.
• Users will now receive an email when an application role is added or removed by an account manager.
• Adding and removing application access and roles is now allowed for only those applications for which an account manager is designated as an application approver.
• Users can now select from their previously entered verification contacts when requesting access to additional applications and instances.
• Application roles can now be marked as inactive.
• A user’s access to an application instance is now removed 330 days after the last time it was used.

Reports Changes

• The Last Authorization Date field in the User Account Authorization and Creation Audit standard report has been renamed to Account Last Authorization Date.
• The User Application Instance Last Authorization Date query item has been added to Analytical Reports.
• Query items associated with vendor delegates have been deleted from Analytical Reports.
• The Company Number and Company query items in Analytical Reports have been replaced with DUNS Number and UEI.

Defects Fixed in this Version

• The completed request grid now shows requests that have been partially completed, such as when application access has been auto approved but there is still a role remaining to be manually approved.
• The term “Standard” has been removed from the error message when a duplicate role is entered.
• An invalid required fields error has been corrected on the Process Request screen.
• The advanced search on the Manage Accounts screen has been fixed when searching by organizational unit.
• The search field on the Manage Accounts screen is now cleared after showing similar users.

Additional Changes

• The iNAP server has been upgraded to Spring Boot v2.3.9.

iNAP 2.1

March 9, 2021

The primary objectives for this release are to implement automatic, rule-based approval of new user requests, allow application roles to be requested by users, provide improvements requested by application approvers, and fix issues discovered since the previous version.

New or Changed Functionality

• Users whose eAuthentication or Login.gov has changed can now relink themselves, without the need for a Helpdesk ticket.
• Account managers are now able to unlink user profiles with the Unlink user menu option on the Manage accounts screen.
• The E-Mail sent to an application approver when a user creates a new request now contains a link that will take the approver directly to the pending request in iNAP.
• Application roles can now be designated as “default”, meaning they are automatically assigned to a user when the user is granted access to the application.
• Application roles can now be requested by the user and approved or rejected by an application approver.
• New user and application access requests are now allowed to be automatically approved based on rules defined per application.
• The origin of new user and application access requests is now displayed for the application approver when processing requests.
• 508 accessibility has been improved.
• The height of the USDA / iNAP header has been increased.

Reports Changes

• Reports have been updated with the new request origin attribute.

Defects Fixed in this Version

• The Add/Edit Application screen has been fixed when viewing the terms of agreement for application images.
• Upload of compressed application images on the Add/Edit Application screen has been fixed.
• Columns filters for Contact Phone and Notes have been added on the Pending Request grids.
• Mouse over for applications on the iNAP landing page has been fixed.
• Fixed the issue with the request approver being overwritten when a set of access request is approved by more than one Application Approver.
• Checking the Include Removed box on the Manage Accounts screen no longer clears the search text.

Additional Changes

• Organization and agency data in iNAP is now synchronized with OIS.
• Primary Affiliation has been added to the Get Application Users web service, for use by OIS when synchronizing users with iNAP.

iNAP 2.0

November 17, 2020

The primary objectives for this release are to remove the dependency on the Adobe Flash Player, refresh the user interface and provide enhancements to improve efficiency for iNAP administrators.

New or Changed Functionality

• The user interface has been redesigned to align with Forest Service standards.
• The term ‘Privileged’ has been replaced by ‘Elevated’ throughout iNAP.
• Administrator roles have been simplified from seven roles down to three.
• For linked profiles, the email address for the linked eAuthentication or Login.gov account is now captured and displayed.
• Each application in iNAP now has a designated set of elevated users that can approve user access to the application.
• The Employee Type attribute has been replaced with Primary Affiliation.
• The Organization and Agency attributes are now more closely associated with data from the Organization Information System (OIS).
• The Rules of Behavior for an account or profile are now derived by the system.
• Improve ability for profile users to request access to additional iNAP applications.

Reports Changes

• Reports have been updated with the new and removed attributes for the application changes described above.

Defects Fixed in this Version

• The subject for the email that is sent when a user account request is rejected has been updated from NAP to iNAP.
• Update of the ‘iNAP is System of Record for Role Assignments’ checkbox when editing an application is now saved to the database.

Additional Changes

• The iNAP user interface has been entirely rewritten from Adobe Flex to Angular, to eliminate the dependency on the Adobe Flash Player which has an End of Life of December 31, 2020.
• The iNAP server has been upgraded to version 5.2.8 of the Spring framework and associated libraries, both for compatibility with the new user interface and to address security vulnerabilities.

iNAP 2.x

February 28, 2023

New or Changed Functionality

Reports Changes

Defects Fixed in this Version

Additional Changes