diff --git a/backend/src/middlewares/validateContact.js b/backend/src/middlewares/validateContact.js
index ce3c8273..2a8bcb41 100644
--- a/backend/src/middlewares/validateContact.js
+++ b/backend/src/middlewares/validateContact.js
@@ -1,4 +1,5 @@
 const log = require('../components/logger')
+const { isIdirUser } = require('../components/utils')
 /**
  * Validates that the request contact is the current user
@@ -9,9 +10,10 @@ module.exports = function () {
 return async function (req, res, next) {
 log.verbose(`validating contact`)
+ if (isIdirUser(req)) return next()
+
 const contactId = req?.params.contactId
 if (!contactId) return next()
-
 const valid = contactId === req.session?.passport?.user.contactId
 valid ? next() : res.sendStatus(403)
diff --git a/backend/src/middlewares/validateFacility.js b/backend/src/middlewares/validateFacility.js
index e5587aaa..8b8df08a 100644
--- a/backend/src/middlewares/validateFacility.js
+++ b/backend/src/middlewares/validateFacility.js
@@ -1,4 +1,5 @@
 const log = require('../components/logger')
+const { isIdirUser } = require('../components/utils')
 /**
  * Validates that the user is authorized to work with the specified Facility.
@@ -8,8 +9,9 @@ const log = require('../components/logger')
 module.exports = function (portalAccess = true) {
 return async function (req, res, next) {
 log.verbose(`validating facility`)
- const facilityId = req.params.facilityId ?? req.query.facilityId ?? req.body.facilityId
+ if (isIdirUser(req)) return next()
+ const facilityId = req.params.facilityId ?? req.query.facilityId ?? req.body.facilityId
 if (!facilityId) return next()
 let valid
diff --git a/backend/src/middlewares/validateOrganization.js b/backend/src/middlewares/validateOrganization.js
index 15026171..303ac75b 100644
--- a/backend/src/middlewares/validateOrganization.js
+++ b/backend/src/middlewares/validateOrganization.js
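Review bot: The new `if (isIdirUser(req)) return next()` in the validateContact hunk makes the whole contact check hinge on how `isIdirUser` reaches its answer, which the commit does not show; the identical early return is added in validateFacility here and in validateOrganization in the next hunks. If it reads the authenticated identity from `req.session` this is a deliberate privilege for internal users, but if it inspects anything the client supplies (a header, query or body field) each of these middlewares becomes a full authorization bypass, so it should be confirmed and recorded next to the check, e.g. `// IDIR (internal) users may act on any contact; isIdirUser must derive from the server-side session, never from request input`. The bypass also leaves no trace in the logs: a `log.verbose('IDIR user, skipping contact validation')` before the return would keep the audit trail consistent with the `validating contact` line just above it. In validateFacility the `portalAccess` option is likewise skipped for IDIR users; if that is intended, the function's JSDoc (above the hunk) should state it. All three middleware bodies close outside their hunks.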
@@ -1,4 +1,5 @@
 const log = require('../components/logger')
+const { isIdirUser } = require('../components/utils')
 /**
  * Validates that the user is authorized to work with the specified Organization.
@@ -8,8 +9,12 @@ const log = require('../components/logger')
 module.exports = function () {
 return async function (req, res, next) {
 log.verbose(`validating organization`)
+
+ if (isIdirUser(req)) return next()
+
 const organizationId = req.params.organizationId ?? req.query.organizationId ?? req.body.organizationId
 if (!organizationId) return next()
+
 const valid = organizationId === req.session?.passport?.user?.organizationId
 valid ? next() : res.sendStatus(403)