Additional Verification for SSO

If you have arrived here because you have just registered your mobile phone number successfully then congratulations!  You are ready to use Additional Verification and can simply access the resource you require as you have been instructed.

If you want to know more about this service or need some help using it then please read on...

Expand All

Additional Verification allows you to use your SSO account to access resources that require an extra level of security.  The system is similar to those used by many banks when you transfer money from your account online.  Additional Verification is invoked by an application when it requires extra assurance that you really are you, perhaps because you are doing something that is of high sensitivity or high importance.

When you try to access something that is protected by this service, you are taken to a page where you can request an SMS text message containing a single use code to be sent to your mobile phone.  On receipt of the message you enter this code into our system in a similar fashion to entering your SSO username and password.  You are authenticated with higher assurance because the authentication depends on something only you have (your mobile phone) as well as something only you know (your password).

Each SMS code is valid for login for 15 minutes from issue, not from receipt.  This means that if it has not arrived 15 minutes after you requested it, then it will not be valid and you will need to restart the login process.  This should be an extremely rare event.

In the future, alternative methods of Additional Verification may be added that might use something other than a text message to your mobile as the additional step.

To use Additional Verification you must have a mobile phone, preferably with a UK number, able to receive SMS text messages.  We must have on record at least one contact email address for you.

If you are a virtual card holder, please ensure you have registered an email address with us.  Unfortunately, if you did not previously have an email address registered with us, you will need to wait until the following day before registering for Additional Verification.

  1. Register your mobile phone for Additional Verification, and provide the requested personal details to assure the system that you are really you.
  2. Provide your mobile number, with non-UK phone numbers provided with a 00 prefix before the country code.
  3. Type the code that will then be sent to you into the registration page to prove you receive messages sent to the number provided.

If that all works then you have succeeded in registering your mobile phone for the Additional Verification service. Well done!

You will be notified by email every time a mobile number is registered against your SSO account.  If you receive such a notification, and have not tried to register a new mobile number, please contact the Service Desk to let us know without delay.

Once you have registered your mobile number you do not have to do anything special to use Additional Verification.

To help keep your interactions with services secured by Additional Verification are secure, every time you use the service please ensure that:

  • the address bar in your browser starts with https://, not http://.
  • when encountering any certificate related warnings in your web browser you consult IT Staff before proceeding further.

Checks completed, you simply access the service you require using the URL of that service and instructions as provided to you by the service owner.  If you have not already performed a normal SSO username and password login then you will be asked to do that.  You will then be taken to a screen that has a Request new code button to request a code is sent to your phone, you must then input that code when you receive it.  It is as simple as that!

If you know you are going to be using this service in a place where you are unable to have a mobile phone switched on, or there is no reception, then you can request a code in advance and use it up to 15 minutes later.

If you change your mobile number for any reason then you will need to register it again.  You do not need to deregister the old number, the new number will overwrite it. 

There is currently no way to "wipe" a mobile number from your SSO account.

There is no need to panic if you lose your mobile phone, however you should:

  • change your Single sign-on password in case it is stored somehow on that phone, particularly on smartphones that might have also been used to access email.

  • get the lost phone blocked by your mobile service provider.

Your phone is useless for Additional Verification in the wrong hands without your username and password.

If your replacement phone keeps your lost phone's number then you can safely restart using Additional Verification once you are happy that you can receive text messages to your original number.  Alternatively you can register a different mobile phone.

If you do not receive the SMS text message you requested containing the verification code then please check the following before contacting IT Support Staff.

  • Is your phone switched on with a healthy battery?
  • Does your phone have reception?  If not you can request a code up to 15 minutes before you will need it.
  • Was your correct mobile phone number displayed on the verification page after requesting a code?
  • Does your phone have space available in its inbox for incoming messages? If not try deleting some old text messages.

Your mobile operator may also have a backlog of SMS text message traffic, causing delays.  In these cases we recommend trying again later.

Get support

Local IT support provide your first line of on-the-spot help



Common requests and fault reports can be logged using self-service




The central Service Desk is available 24x7 on +44 1865 6 12345


If you do not have an SSO account you can use this form to contact the Service Desk