IT Services accounts

Each University member has an Oxford username that stays with you through your time at the University and is reused if you leave and return within 5 years.

All recent Oxford usernames are of the form abcd1234, where abcd is a code for the college or department you are first affiliated with.

Your Oxford account is separate from any other local college or departmental accounts you may have, though its username is often used for other University accounts in the format abcd1234@ox.ac.uk.

Your single sign-on (SSO) account is used to access many services.

The account uses your Oxford username, SSO password, and multi-factor authentication (MFA). When using a web browser, you only provide your details once to access most other SSO authenticated services. It is therefore important to close all instances of your web browser to sign out.

The account is created automatically and you initially activate your SSO account by setting up its password and security profile.

• Staff, visitors, and part-time students, are provided with an activation code by their HR or IT team.
• Undergraduates, postgraduates and visiting & recognised students, are emailed an activation code to the address registered with their Student Record. This process starts from July 1st, December 1st, or April 1st, following the generation of the University Card record. A replacement email address will be requested from college admission officers when necessary, such as where a school email address was used and will no longer work.

If your activation code expires before the SSO account is activated, please contact the Service Desk.

The Nexus365 service can provide access to email, calendaring, Teams, and other Microsoft 365 features.

The account is created automatically and synchronised with the SSO account, so uses your Oxford username, SSO password, and multi-factor authentication (MFA).

Active directory (AD)

An AD record enables MFA and allows access to SharePoint.

University members have an AD record with status ‘UserMailbox’. Non-University members, with a University card type of cardholder or virtual, have an AD record with status ‘MailUser’.

Personal mailbox

A mailbox is created for University members along with their SSO account, though a retiree’s mailbox will be removed if not used within six months of being created. Non-University members, with a University card type of cardholder or virtual, do not receive a personal mailbox.

A mailbox owner can delegate access and sending permissions to others if required, such as to provide access for a personal assistant.

To allow people to be contacted and for Outlook’s Autodiscover to work, the email addresses of personal mailboxes are displayed to other University members in Nexus' Global Address List (GAL). If a personal mailbox must be hidden from the GAL, approval is required from the head of the person's unit.

Often referred to as project or generic accounts, secondary accounts can provide a mailbox and calendar that can be shared with multiple people across the University. The account can also be passed on to a new owner if the role-holder changes.

Secondary accounts can be requested by IT support staff (ITSS) for University members within their unit. Details of how to request, access, or delegate mailbox permissions, are available on our shared and secondary accounts page.

Secondary mailbox

A secondary mailbox may be used where:

• several people monitor a mailbox
• several people send mail from a common email address
• a shared calendar is required for a group event
• a mailbox is used for a specific role and can passed on if the role holder changes

Adding an SSO password to the account adds a security risk, so is only advisable when:

• the mailbox will be accessed using an IMAP or mobile phone email application
• login details are required for non-Nexus facilities

Resource mailbox

A resource mailbox is used for calendaring or room booking.

This secondary account type cannot be created with an SSO password. The account has an Active Directory (AD) record with status ‘RoomMailbox’ or ‘EquipmentMailbox’.

SSO only

For infrastructure management where SSO credentials are required to log in to an account.

This secondary account type does not come with a Linux web or shell account. The account has an AD record with status 'User'.

The Remote Access account is used to authenticate:

• The eduroam WiFi service, at Oxford or other institutions that use eduroam
• Network connections in some University owned graduate accommodation

The Remote Access account can be registered or updated through the IT Services self-registration pages by University members.

The account uses the Oxford username and its own password, which must never be the same as your SSO password.

A CONNECT account is used to authenticate access to the managed staff PC service, the Remote Desktop service, CONNECT network drives, and some web based services.

The CONNECT account is created when you are registered to access any of the above services.

The account uses the Oxford username and CONNECT password.

The Linux service provided by IT Services provide a general purpose computer system running Debian GNU/Linux. The system provides access to the personal web file storage and a wide range of software, but no commercial programs or mail delivery.

The web and shell account can be activated through the IT Services self-registration pages by University members.

The account uses the Oxford username and SSO password.