[ skip to content ]

More Information about this image

Handbook and paperwork for the newly hired.

Old Dominion University

Information Technology Standard

04.1.0 MIDAS Identity Management Standard

Date of Current Revision or Creation: October 1, 2021

The purpose of an Information Technology Standard is to specify requirements for compliance with Old Dominion University Information Technology policies, other University policies, as well as applicable laws and regulations. Standards may include business principles, best practices, technical standards, migration and implementation strategies, that direct the design, deployment and management of information technology.

  1. Purpose

    The purpose of this compliance standard is to establish account management practices for Monarch Identification and Authorization System (MIDAS), the central identity and password manager control system. Management and access control practices are used to ensure security is applied effectively.

  2. Definitions

    Banner Affiliate is a term to describe an account in the MIDAS system associated with a Banner Person Record that has a Banner Affiliate Record

    Banner Person is a term to describe an account in the MIDAS system associated with a Banner Person Record that has a Student or Employment Record

    Event Accounts are sponsored accounts commonly used for specific events like conferences

    MIDAS is an acronym for the Monarch Identification and Authorization System, a central identity and password manager.

    MIDAS Guest Account is a term to describe MIDAS accounts that do not have associated Banner person records.

    MIDAS Account is a common term for Banner Person

    ITS is the acronym for the official name of Information Technology Services.

    User includes anyone who accesses and uses the Old Dominion University information technology resources

    Locally Hosted systems are those IT Systems physically housed and logically connected to the ODU Main Campus.

    Sponsored Account is a term describing a MIDAS Guest account with a short account lifecycle.

    SSO is the acronym for Single Sign-On. This encompasses a family of systems/applications that allow users to verify their credential in one system and have that credential trusted in another.

    MIDAS Role is an attribute associated to a MIDAS account describing the user's affiliation with the University.

    MIDAS Group is a logical grouping of entities inside of MIDAS.

  3. Standards Statement

    1. Account Creation

      MIDAS is an ID and password management system that stores user information and communicates that information to University networked resources. This allows the user to log in to those resources with the same user ID and password.

      MIDAS accounts and Banner Affiliate accounts are available to members of the University community with a unique and verifiable person record in Banner. MIDAS Guest and Sponsored accounts may be issued to guests and/or affiliates for access to non-sensitive systems based on System Owner approval.

      All MIDAS users are required to accept the Acceptable Use Policy. Additional account creation requirements may exist based on Compliance Requirements, Federal, State, or Local laws or by other University and/or ITS Standards. These additional requirements should be scoped to the intended user base.

      A security profile is created for password recovery purposes. The security profile requirements may be determined by user affiliation or access to sensitive data.

      Two-Factor authentication setup may be required.

      After creating a MIDAS ID and password from this site, users can use these credentials to access approved and provisioned services that are integrated with MIDAS. Secondary IDs may be created for the user, depending on system requirements. MIDAS account IDs and any secondary IDs must be unique to the individual across all systems.

      Only ODU hosted or contracted systems may accept MIDAS credentials. Only locally hosted or CIO approved applications may verify the MIDAS credential directly, while other systems must leverage SSO systems or use a unique username and password.

      Users creating MIDAS Accounts must verify their Banner person record association during the creation of the MIDAS Account. Users creating MIDAS Guest Accounts may self-assert person record data. A MIDAS Guest Account can become a MIDAS Account after Banner person records have been verified but all self-assert data must no-longer be used.

    2. Passwords

      Users can change their password within MIDAS after successfully authenticating to MIDAS directly.

      All Password changes must be governed by the users Password Profile. If a user is a member of two or more password profiles, then the most complex password profile must be used.

      Password profiles complexity requirements are determined off of Sensitivity and Risk and should only be applied to the relevant user base. Complexity Requirements should include:

      • Number of Upper, lower alpha characters
      • Number of Numeric characters
      • Number of Non-Alphanumeric characters
      • Number of repeating characters
      • Number of previous password history entries
      • Number of password differences from the previous password
      • List of blacklisted characters (for system compatibility)
      • List of blacklisted words or passwords. E.g., Dictionary checks

      Administrative Password Reset may be issued by the ITS Help Desk when the user is unable to complete their security profile or by ITS Security under suspicion of compromise. Until the user is able to recover the account, all services must be disabled. Services will be restored after a new security profile is established and a new unique password has been set. Lost or forgotten passwords can be reset by users after successfully answering the questions using data stored in their security profile.

    3. Account Management

      MIDAS accounts must only be disabled under University Council or Student Judicial direction.

      MIDAS may issue services automatically based on System Owner approved authorizations.

      Manual services may be issued through the Account Management Standard.

      Service Removal must be done according to the Account Management Standard and Procedure.

      • Services may be suspended through ODU Business processes as requested by Supervisors, Human Resources or University Management.
      • Services may be temporarily disabled by ITS Security Operations in response to Security Threats by the Security Team.
      • All services related to and including the MIDAS accounts may be completely disabled only under direction of University Counsel.

      Management of Groups may be distributed from ITS Accounts as directed by the Group owner.

      Management Interfaces of MIDAS may be distributed to non-ITS Account personnel with the approval of the Director of Information Security.

  4. Procedures, Guidelines & Other Related Information

    Federal and State Law

    University Policy 3501 - IT Access Control

    University Policy 3505 - Information Technology Security

  5. History

    Date

    Responsible Party

    Action

    December 2006

    ITAC/CIO

    Created

    October 2008

    ITAC/CIO

    Reaffirmed

    October 2010

    ITAC/CIO

    Reaffirmed

    October 2011

    ITAC/CIO

    Reaffirmed

    September 2013

    IT Policy Office

    Revised
    May 2018 IT Policy Office
    Formatting changes; minor revisions based on new functionality
    October 2021 IT Policy Office Definitions and links checked

Site Navigation

Presidential Inauguration

ODU commemorated the inauguration of President Brian O. Hemphill, Ph.D., during Homecoming Weekend 2022. Relive the historic weekend.

Fall Open House

It's time to fall in love with ODU! Join us for our last Open House event of the semester on Saturday, November 19.

Commencement 2022

Visit the Commencement Office for information on event times, caps & gowns, tickets and more!