Oxford username, Single Sign-On password and Multi-factor authentication

Expand All

Your Oxford username is usually of the form abcd1234, where abcd is a code for your college or department. It is administered by IT Services and is separate from any other local college or departmental accounts you may have.

Your Oxford username gives you access to many web-based services at Oxford (e.g. Self-Registration and course booking) through the Single Sign-On service. Single Sign-On means that after your initial login, you can use associated services without having to re-enter your username and password.


It isn't just web-based services that are part of Single-Sign On: you will need your Oxford username to access the central GNU/Linux service. There are also many services hosted outside IT Services that use Single Sign-On such as some library resources and the OxCORT Tutorial system.

You will also need your Oxford username to access your Nexus account via the web interface or via an email client installed on your computer. Strictly speaking the Nexus service is not fully integrated with Oxford's Single Sign-On system and so even if you have logged in to the Nexus web interface you will still need to log in again to access other SSO services; more on this later.


You may hear your Oxford username referred to as your Single Sign-On account (or SSO account), or you may even hear it referred to simply by using the name of a service, e.g. your Nexus account.

Despite the many names you might hear being used, things are really quite simple. Your Oxford username and Single Sign-On password can be used to log in and this will start a Single Sign-On session to avoid you having to re-enter your details.

Webauth is the name of the webpage you go to to set up, change, or reset an expired password, and recover a forgotten password.

Oxford Single Sign-On is the only web page where you should enter your Oxford username and Single Sign-On password. You can think of Oxford Single Sign-On as a central authentication system that is trusted by various services in Oxford to handle all the username and password checking so that each individual service doesn't need to do it for itself. Once you have entered your Oxford Single Sign-On details you will need to enter your additional authentication credentials to proceed.

To end your Single Sign-On session ("logout") you will need to close your web browser (that includes quitting all running copies of your web browser).

Multi-factor authentication (MFA) is being implemented for customers of Single Sign-on (SSO) across the University. Anyone with a Single Sign-On account will be expected to adopt multi-factor authentication. This will include:

  • A new login page, with University of Oxford branding. On this page, the customer is expected to enter only their Oxford username and Single Sign-On cresentials. This should be done in the format of abcd1234@OX.AC.UK. Note that all letters after the @ symbol are capitalised.
  • A change to the Single Sign-On password length. Customers will be required when changing their password, to use a minimum of 16 characters. This change will take place on a rolling basis, with customers required to change their passwords upon expiry of their current password.
  • Second factor – A second step will be added which involves customers receiving a code (e.g. via a mobile, landline or text message) or generating a code using the mobile app (this requires no mobile (4G etc.) or Wi-Fi connectivity to their mobile device) clicking approve and entering the code into the required field when prompted. Once the second factor is activated, the requirement to enter a code will depend on individual circumstances such as devices, settings and location, and so most users will rarely be prompted. This will be phased in for all customers starting the 11th November 2020 to March 2021. Single Sign-On customers will be changed over in alphabetical order of surname.  
  • Help and guidance is available for setting up Multi-factor authentication.

Following the implementation of the first factor change (Oxford-branded Microsoft login page), it will be mandatory to follow the University password policy and have a unique password of at least 16 characters (Note, it will only affect users when their existing password expires and they are required to change it).  

The Oxford username is used to access the following service from IT Services:

If you need to connect to the University network from another institution, from home or wirelessly you need the IT Services remote access service. Although the remote access account uses your Oxford Username it is not integrated with the Single Sign-On system and has a different password.

The remote access account provides access to the following services:

Current students, staff and official visitors may register for a remote access account via the IT Services self-registration pages and you will need to use your Oxford username to register and manage your remote access account.

To find out more see the remote access pages.

Most web browsers (including Chrome, Edge, Internet Explorer, Firefox, and Safari) work with Oxford's web services out-of-the-box.

The particular features your browser must support are:

Cookies - these are used to hold information about your SSO login status.
SSL Certificates - these are the digital equivalent of ID cards which help other people identify you, and help you identify other people, web sites, and organizations. Certificates are issued and administered by Certificate Authorities (CAs). Oxford uses certificates that have been signed by either QuoVadis or Trend Micro, both of which will automatically be accepted as a trusted CA by most modern browsers.
If you are security-conscious enough to use a custom security configuration then you may want to bear in mind the following points:

for javascript settings - you will need to trust scripting from nexus.ox.ac.uk
for cookie settings - you will need to accept cookies either automatically or when prompted. If you are very concerned about cookies you can delete them at the end of your browser session to avoid any ongoing tracking
for CA certificates - you will need to trust certificates issued by the Certificate Authorities that we use (QuoVadis or Trend Micro)

Regardless of whether your password has expired or you have forgotten it, our online facilities for managing your Single Sign-On/SSO account will allow you to change or reset the password to get it working again.

  • If you do not remember your current or expired password, then the password reset facility will allow you to set a new one.
  • If your password is due to expire or has expired and you still know what it is, you can use the change password facility to select a new one.
  • If you have forgotten your username and you are using Outlook on a PC you can look yourself up in the Address Book on Outlook. You need to right-click on your own entry and then choose "properties". Your username is shown as your alias in the information box that appears.
  • If you can't find your username as above or are having other difficulties with the above facilities, contact your local IT Staff or the IT Services service desk.

 

Note : If your University Card expires your Oxford username and Single Sign-On account will expire simultaneously. Your Oxford username account may also be expired on instruction from the Proctors or Registrar offices.

Get support


Local IT support provide your first line of on-the-spot help

FIND MY LOCAL IT TEAM

 

Common requests and fault reports can be logged using self-service

   USE IT SELF-SERVICE      

   LOG A SUPPORT CALL     

VIEW MY SUPPORT CALLS  

 

The central Service Desk is available 24x7 on +44 1865 6 12345 (check central IT support arrangements over Christmas)

 

If you do not have an SSO account you can use this form to contact the Service Desk