Directory Services

Harvard operates multiple online directories for easy contact lookup, and identity and access management applications around the University.


How do I use a hardware token to access VPN with two step-verification?

Download a printable copy of these instructions >

If you do not have, or cannot reliably use a mobile phone or landline as your primary two-step verification device, please send a request for a hardware token to

A hardware token is a small device that, when plugged into your computer, offers two-factor verification with a touch of a button. Some important things to know about hardware tokens:

  • Tokens do not work with mobile devices, but can be used as an alternative two-step verification method for HarvardKey.
  • Each token is exclusive to a user and cannot be assigned to more than one HarvardKey account. 
  • Two-step verification must already be activated on your HarvardKey account with another device for a token to be added. Activate two-step verification now before following these instructions. 

Follow these steps for requesting and setting up your hardware token on your HarvardKey account.

1. Users must first set up two-step verification for HarvardKey with a primary device, such as a mobile phone or landline. Instructions can be found at If you do not have access to a primary device, contact or call 617-495-7777.

2. To request a token, contact with the subject line "Request a hardware token" or call 617-495-7777. Each hardware token must be pre-configured by HUIT.

3. Once you receive your token, insert it into an open USB port on your computer with the metal "Y" face up. 

4. For Windows users, your computer will recognize the device and automatically install the necessary software. When complete, a pop-up balloon will indicate the device is ready to use.

For Mac OS users, the first time you insert a hardware token, your computer will recognize it as a USB keyboard. Simply close the pop-up window to continue.  

5. Visit a HarvardKey-protected website or application, like the Harvard internal directory, When prompted for two-step verification, click Enter a Passcode.

6. Tap the metal "Y" on your token and you will be automatically logged in. If you experience difficulty, contact the HUIT Service Desk at or 617-495-7777.

Can FAS account names be changed?

The assigned or chosen FAS account or user name can be changed only under very specific conditions:

  • A misspelled user name resulting from an error in our database.
If, for example, John Harvard was misspelled to jharverd, we would correct the spelling error.
  • A legal name change.
Ensure the change has been made with the appropriate Registrar or Personnel Office before requesting the change to your FAS username.
  • If the automated method of creating the FAS username creates one that is offensive or inappropriate.
George D. Ross, for example, would be able to request a change from gross to ross2 or gdross.
  • If you want to change your username because of a security concern, (e.g., harassment), please email with a report of the problem.

If you fall into one of these categories, please send an e-mail to with the following information:

    1. Harvard University ID number (HUID).
    2. Current username and requested username.
    3. Phone number.
    4. A time when you will not be logged into your account for approximately three hours during a normal business day. The account cannot be changed while you are logged in (i.e. checking e-mail or using a lab computer).
    5. Reason for wanting a username change.

      In sensitive cases in which you are uncomfortable with e-mailing this information, contact the HUIT Service Desk at (617) 495-9000.

      How do I get my IP Address?

      Option 1

      If you are on the Harvard network, click here to get your IP address.

      Option 2

      The following instructions will walk you through obtaining the IP address for either your wired or wireless network adapter.

      Windows Vista/Windows 7

      1. Start Button > Type "cmd" in search field
      2. Select cmd.exe > Type "ipconfig /all"
      3. Find the “Ipv4” listed under Wireless LAN Adapter or Ethernet Adapter (Depending on Type of Connection)

      Windows XP

      1. Start > Run
      2. Type "cmd" and press Enter
      3. Type "ipconfig /all"
      4. Find the “Ipv4” listed under Wireless LAN Adapter or Ethernet Adapter (Depending on Type of Connection) 

      Mac OS X 10.5/10.6

      1. Go to the Network Preference Pane in System Preferences.
      2. Select either Ethernet (Wired) or Airport (Wireless) on the left panel.
      3. Your IP address should appear on the right.

      If you are having trouble locating your IP Address, contact the Service Desk or call (617) 495-7777 for further assistance.

      What else do I need to know about MIDAS, Harvard's application for Managing Identity Data & Affiliation Securely?

      What are the necessary system requirements for MIDAS?

      • Windows: Internet Explorer 10 and higher, Firefox 30.x and higher
      • Mac: Firefox 30.x and higher, Safari 8.x and higher, Chrome 40.x and higher
      • If running reports and using Internet Explorer, downloads should be enabled and any pop-up blockers should be disabled
      • For all operating systems and browsers:
        • Cookies should be turned on
        • Avoid using the browser's Back button; instead, use links within MIDAS
        • Avoid using the browser's Refresh button; instead, use links within MIDAS
        • To view the most data about a person without having to scroll, it is recommended to use the highest screen resolution possible
        • If screen space is an issue, it may be helpful to click Collapse All and then expand the sections of data as desired

      Are there any known issues with MIDAS?

      View the most recent MIDAS Release Notes here.

      Do I have to be on the Harvard network to access MIDAS?

      Yes. MIDAS access is restricted to the Harvard network, which in general terms means you can access MIDAS from a wired connection inside a Harvard building. If you wish to use MIDAS from home or another non-Harvard location, you must first connect to your Harvard VPN, then open your browser, and then log in to MIDAS. If you wish to use MIDAS from a wireless connection, you must either be on the Harvard University (Secure) network or connect via Harvard VPN. If you need help setting up or running your VPN client software, please contact

      Will MIDAS "time out" if I don't use it for a while?

      Yes. MIDAS is configured to time out after 30 minutes of inactivity — the maximum timeframe allowed by Central Administration enterprise information security policy. Learn more.

      Why do I need to request access if I want to use MIDAS?

      MIDAS records include extremely sensitive confidential information. The University is required by law to limit access to confidential data to only the employees who need the access to be able to perform their job responsibilities. Learn more.

      How will I know whether my request form was received and processed, and what roles I was assigned?

      Once you have filled in your Form to Request Access to MIDAS, please submit it via email to You will receive a notice that a ticket has been generated for your request, and you may track progress there. Once your access has been created, you will receive an email notification with additional information about your roles.

      My login works, but I can't access MIDAS. Why?

      MIDAS is authenticated via HarvardKey. In addition to needing a valid login, you also need to be authorized to access MIDAS. If you have not yet filled out a Form to Request Access to MIDAS, you will not have authorization to access.

      Can I view historical data in MIDAS?

      MIDAS is not intended to be a source of historical data (for either students or employees). In some instances, MIDAS may display historical data;  however, this data is not comprehensive. It represents the most current data that has been transmitted from SIS, PeopleSoft, or Advance.

      What are the differences between the MIDAS roles?

      MIDAS Role Description
      Basic Reader User has the ability to verify a person's affiliation with the University and check a person's HUID.
      Enhanced Reader User has the ability to verify a person's affiliation with the University, as well as the ability to view additional data fields.
      Privileged Reader User has the ability to verify a person's affiliation with the University, as well as the ability to view additional data fields, including a person's National ID.
      Alumni Privileged Reader User has the ability to search for and view Alumni data.
      Health & Safety Reader User's job responsibilities include emergency response (Harvard Police Department and University Health Services). MIDAS privileges include those of the Privileged Reader, as well as access to emergency contact information and the ability to disable/enable a person's ID card.
      Basic Manager User can view, create, and modify directory listing data, including directory privacy settings for all people.
      Directory Contact Basic Manager User can view, create, and modify directory listing data, including directory privacy settings for all employees within the user's associated GEO code (grouping of PeopleSoft departments). Permitted to run the report Group Profile Data by GEO Code.
      POI Basic Manager User can create Person of Interest (POI) records, as well as view, modify, and delete data for POIs. User may manage only specific types of POIs.
      LB Basic Manager User can create Library Borrowers, as well as view, modify, and delete data for Library Borrowers. User may manage only library borrowers linked with specific libraries.
      Registrar Basic Manager User can create records for students and class participants, as well as view, modify, and delete data for students. User may only manage students within specific school codes. Permitted to run the following reports: Students with FERPA Block, Students Privacy Settings, and Students With Privacy Outside Default Range.
      HR Privacy Advanced Manager User can view, modify, and delete data for employees and POIs.
      ID Card Advanced Manager User can create POIs, students, and class participants as well as, view, modify, and delete data for the same people. Enabled for ID resolution actions within the application, such as image move or copying and duplicate ID resolution.
      Registrar Advanced Manager User has the same privileges as Registrar Basic Manager, as well as the ability to update FERPA settings.
      Super User User is granted the privileges of all other roles. Includes running reports, disabling/enabling ID cards, and viewing National ID numbers.