1. What is the Oxford username and Single Sign-On?
Your Oxford username is usually of the form
abcd1234, where abcd is a code for your college or department 1. It is administered by IT Services and is separate from any other local college or departmental accounts you may have.
Your Oxford username gives you access to many web-based services at Oxford (e.g. WebLearn, Self-Registration, course booking) through Oxford's Web Single Sign-On service (Webauth). Single Sign-On means that after your initial login, you can use associated services without having to re-enter your username and password.
It isn't just web-based services that are part of Single-Sign On: you will need your Oxford username to access the central GNU/Linux service and your personal web pages. There are also many services hosted outside IT Services that use Single Sign-On such as some library resources and the OxCORT Tutorial system.
You will also need your Oxford username to access your Nexus account via the web interface or via an email client installed on your computer. Strictly speaking the Nexus service is not fully integrated with Oxford's Single Sign On system and so even if you have logged in to the Nexus web interface you will still need to log in again to access other SSO services; more on this later.
You may hear your Oxford username referred to as your Single Sign-On account (or SSO account), your Webauth account and you may even hear it referred to simply by using the name of a service, eg your Nexus account.
2. Single Sign-On, Webauth, and Nexus - what does it all mean?
Despite the many names you might hear being used, things are really quite simple. Your Oxford username and password can be used to login to Webauth – this will start a Single Sign-On session to avoid you having to re-enter your details. The same Oxford username and password are used to login to Nexus (over the web or using a desktop client).
Webauth underlies Single Sign-On for web-based services, and you will only find the official Webauth service under the address https://webauth.ox.ac.uk/. Webauth looks like this:
Webauth also provides options to change your password, reset an expired password, and recover a forgotten password.
With the exception of the Nexus web interface (more on this below), Webauth is the only web page where you should enter your Oxford username and password. You can think of Webauth as a central authentication system that is trusted by various services in Oxford to handle all the username and password checking so that each individual service doesn't need to do it for itself. It is highly secure and very convenient as you only need to enter your username and password once in order to visit multiple independent web services. To end your Single Sign-On session ("logout") you will need to close your web browser (that includes quitting all running copies of your web browser.
The exception mentioned earlier is the Outlook Web Access (OWA) part of the Nexus service at https://nexus.ox.ac.uk/owa. This page will prompt you for your Oxford username and password on a Nexus login screen rather than the Webauth login screen. The Nexus login screen looks like this:
Your username and password are the same ones that you use for Webauth.
3. Services using the Oxford Username
The Oxford username is used to access the following service from IT Services:
- The GNU/Linux service
- Personal web space on users.ox.ac.uk
- WebLearn (Oxford's Virtual Learning Environment)
- Sending email from outside the Oxford network
- IT Services Self Registration for software downloads, managing accounts and viewing data about you
Other University applications which use the Oxford username include:
- E-resources provided by The Bodleian Libraries including OXAM
- Graduate Supervision System (GSS)
- OxCORT Tutorial system
There are some central services that notably do not use the Oxford username and/or password. These include:
- The HFS backup service
- IT Service Remote access service (used for VPN, Graduate Accommodation network connections and eduroam: more on this later)
These services are, however, requested and managed through the IT Services self-registration pages which are SSO-enabled. In other words whilst these services use a different username and password you still need an Oxford username to manage your access to these services.
An increasing number of local college and departmental applications now use SSO so you may even find yourself logging in via Webauth to access a local helpdesk, connect to your college's local Ethernet network or even book a meal.
4. Remote access is different!
If you need to connect to the University network from another institution, from home or wirelessly you need the IT Services remote access service. Although the remote access account uses your Oxford username it is not integrated with the Single Sign-On system and has a different password.
The remote access account provides access to the following services:
- The Virtual Private Network (VPN) service (including OWL VPN)
- The Eduroam wireless service
- Network Connections in some University-owned graduate accommodtion
Current students, staff and official visitors may register for a remote access account via the IT Services self-registration pages and you will need to use your Oxford username to register and manage your remote access account.
To find out more see the remote access pages.
5. Browsers accessing Oxford's web based services
Most web browsers (including Internet Explorer, Firefox, and Safari) work with Oxford's web services out-of-the-box.
The particular features your browser must support are:
- Cookies - these are used to hold information about your SSO login status.
- SSL Certificates - these are the digital equivalent of ID cards which help other people identify you, and help you identify other people, web sites, and organizations. Certificates are issued and administered by Certificate Authorities (CAs). Oxford uses certificates that have been signed by either QuoVadis or Trend Micro, both of which will automatically be accepted as a trusted CA by most modern browsers.
If you are security-conscious enough to use a custom security configuration then you may want to bear in mind the following points:
- for cookie settings - you will need to accept cookies either automatically or when prompted. If you are very concerned about cookies you can delete them at the end of your browser session to avoid any ongoing tracking
- for CA certificates - you will need to trust certificates issued by the Certificate Authorities that we use (QuoVadis or Trend Micro)
6. What do to about a forgotten or expired Oxford username or password
Regardless of whether your password has expired or you have forgotten it, our online facilities for managing your Oxford/SSO account will allow you to change or reset the password to get it working again.
- If you do not remember your current or expired password, then the password reset facility will allow you to set a new one.
- If your password is due to expire or has expired and you still know what it is, you can use the change password facility to select a new one.
- If you have forgotten your username and you are using Outlook on a PC you can look yourself up in the Address Book on Outlook. You need to right-click on your own entry and then choose "properties". Your username is shown as your alias in the information box that appears.
- If you can't find your username as above or are having other difficulties with the above facilities, contact your local IT Staff or the IT Services service desk.
- You will find further details and helpful advice about passwords and accounts on the "Changing or recovering a password" web page.
Note : If your University Card expires your Oxford username account will expire simultaneously. Your Oxford username account may also be expired on instruction from the Proctors or Registrar.