Secondary accounts

What are secondary accounts?

Secondary accounts are similar to personal Nexus365 accounts, and they can be shared more easily with multiple people across the University.  They can be created with or without a mailbox and with or without a Single-Sign On (SSO) password. 

Example email addresses that can be used are or

Some examples of when a secondary account may be used could be when:

  • a shared calendar is required for group events
  • several people need to monitor mail sent to an email address
  • several people need to send mail from a common email address
  • the account relates to a specific role and is passed to a different person if the role changes hands

Multi-factor authentication:

Secondary accounts that have Single-Sign On (SSO) enabled require a password to access them, therefore these secondary accounts need to have Multi-factor authentication enabled.

All secondary accounts with an SSO password will have Multi-factor authentication enabled from May 2021.

Secondary accounts without an SSO password will not be impacted by MFA.

See the MFA: Secondary Accounts project page for more details.


This section explains how to set up a secondary account and how to access it.

Expand All

Secondary accounts can be registered for any member of the University, but must be requested by an IT officer through the secondary account request form (ITSS access only).

Following its creation, the owner of an account can update its delegates through the Email Account Delegation service request.

The different types of project account are as follows

Mailbox only

Recommended in most cases.  Created without an SSO password.  A shared mailbox and calendar that can be used by a number of people using mailbox delegations, with individual permissions to send and view mail applied to each.

Delegates can be added and removed from the account by the mailbox owner using the email account delegation service request.

SSO only

For infrastructure management where just an SSO username and password is required to log in.

These accounts have an AD record with status 'User' and do not come with a Linux shell or web instance. 

Mailbox and SSO

Similar to personal Nexus365 mailboxes.

Due to the increased security risk it is recommended that mailbox only accounts are used instead wherever possible.

If you have a mailbox and SSO account and would prefer to use delegations only, you can request to have the 'Single Sign-On' part removed.  See the service request Remove Password (SSO) from a Generic Account.  The request can only be submitted by the account owner or your local IT team.


Resource mailboxes allow authorised users to book rooms, equipment and other resources within your unit.

Guidance for this type of account is available on our resource mailboxes page.

Mailbox delegates can map mailboxes into Outlook in the following way:

  1. Open Outlook
  2. Select File > Account Settings > Account Settings...
  3. Highlight your email address, then select Change...
  4. Select More Settings
  5. Select the Advanced tab, then Add...
  6. Provide the mailbox email address, then OK


If a mailbox is very large it may be better to add this as an account in the following way:  However, it is important to not add an account to Outlook in both ways at the same time. 

  1. Open Outlook
  2. Select File > Account Settings > Account Settings...
  3. Select Add
  4. Provide the name and email address of the mailbox
  5. If neccessary, choose the provider to be Office365
  6. If prompted by a security box, enter your own Oxford username plus @OX.AC.UK (for example abcd1234@OX.AC.UK)
  7. When the Oxford Single Sign-On password page appears, provide your SSO details

To open a shared mailbox:

  1. Log in to Nexus365 using your own SSO and password
  2. Click on your initials or picture in the upper-right corner of the window, and click Open another mailbox
  3. In the Open another mailbox box, enter the name of the mailbox you want to open. Click Open and the mailbox will open in a new window (which can be bookmarked for direct access)
  4. If the mailbox is not found, then repeat step 3, but replace the mailbox name with the email address of the mailbox


To permanently add a shared mailbox to the leftmost column of your default view:

  1. Log in to Nexus365 using your own SSO and password
  2. In the leftmost column, right click Folders
  3. Select Add shared folder
  4. Provide the name of the mailbox
  5. Select the mailbox, then Add

Project accounts with an SSO and mailbox can be added to email clients in the same way as for a personal mailbox, using the SSO username and password of the project account.

    IT Services have a number of service requests, so you can make changes to your secondary accounts.  Please note that only the account owner or IT support staff can make these requests.

    Secondary accounts have an Account Owner and one or more users. You can find out which accounts you own, and which type they are, on the User info page on the Self-registration website.  See instructions for finding out about accounts you are the owner of.

    If you are the Account Owner, you can also find out who has delegated access to a particular secondary account from the same Self-registration website.  See instructions for finding out who has delegated access to a secondary account.

    If you are not sure whether the account or mailbox you use will be affected, please contact the Account Owner to discuss.

    If you have access to an account but are not the Owner, and you don't know who the Owner is, you should speak to your local IT support or the Service Desk, who can look up the owner for you.

    When creating a project account that includes an SSO, it is the responsibility of the mailbox owner to ensure compliance with University policy and to keep records of the use or distribution of shared credentials.  Contact the Information Officer for your unit or department in order to fully understand these responsibilities.

    Due to the increased security risk, it is recommended that mailbox only accounts are used instead of SSO and mailbox accounts wherever possible.  For existing accounts that have both an SSO and mailbox, a request can be made to update these to be mailbox only.

    Get support

    Local IT support provide your first line of on-the-spot help



    Common requests and fault reports can be logged using self-service

       USE IT SELF-SERVICE      

       LOG A SUPPORT CALL     



    The central Service Desk is available 24x7 on +44 1865 6 12345


    If you do not have an SSO account you can use this form to contact the Service Desk