How it works

How it works

  1. Applying for an Individual Unipass
  2. Collecting your individual Unipass
  3. Support
  4. Unipass Controllers
  5. Unipass expiration, renewal and revocation
  6. Revoking Unipass
  7. Changes of detail
  8. What is Unipass?
  9. How much does it cost?

Would you like to understand more about:

  • How it all works?
  • How to apply?
  • What we do with your application?

Click below for more information.

  1. Applying for an Individual Unipass

    Who can apply and how?

    The following categories of individual are eligible to apply:

      • Financial advisers and support staff of FSA regulated financial intermediary firms
      • Staff of product provider and lender firms
      • Staff of portal, back office software providers and other third party firms providing services to the UK financial services industry.

    Note: Only certificates issued to financial advisers and administrative staff of intermediary firms are generally accepted on product provider and lender extranets.

    To apply, go to the Home Page and click on Apply now.

    Please note that all individuals applying for an individual Unipass will have to accept our Data Protection Policy. A copy of this can be found on our Legal Information page.

    What information is required?

    When you apply you are asked to provide the following information via the secure web application form:

      • first and last name
      • direct dial telephone number
      • mobile phone number (optional - to enable us to provide additional services in future)
      • email address
      • security information (memorable date, secret Q&As, etc.)
      • branch postcode, normally the postcode of your work location.

    If you are the first applicant from your firm, you will also have to accept the Unipass Contract online. This contract is called the End User Organisation Contract for use of Individual Certificates; you can view it on our Legal Information page. You will also be asked to provide the company name, address, telephone number, as well as your job title and two agency references (one for tied agents).

    What happens after I submit the application?

    We validate your application in accordance with our operations manual, known as the "Unipass Certificate Practice Statement" (CPS)  - you can also view this on our Legal Information page.

    When we've done this, we send you a "Welcome" email, normally within two working days of submitting your application.

  2. Collecting your individual Unipass

    • When your application has been approved, we send you a Welcome email containing instructions for collecting your Unipass and a link for the My Toolbox Login page.

    After you get the email, the next stage is to log into the My Toolbox area. You can do this by clicking on the link in the Welcome email and entering your email address, your memorable date and a code displayed on the login page.

    Once you've logged in, you'll see a link Collect my Unipass in the left hand bar of the page.

    To collect your Unipass:

      • click on Collect my Unipass
      • tick the box on the next page to indicate your acceptance of the Unipass Data Protection Policy and the Unipass Certificate Rules of Use
      • click on the Collect button and click to accept any warning messages that  follow.

    Your Unipass should now be loaded in your browser.

    • Once you have collected your Unipass, you will automatically be forwarded after a few seconds to our Test my Unipass page, which you can also use to test a Unipass which you have already collected.

  3. Support

    • There is a manned Unipass Helpdesk normally available Monday to Friday, 09:00 to 17:00. It can be  contacted on 0871 22 12345, or by email at helpdesk@unipass.co.uk.

    • There is a Frequently Asked Questions section on this website.

    • If you have a problem using your Unipass on a third party website, such as that of a Provider, Lender or Portal web site, but it still seems to be working correctly on the Test my Unipass page, we suggest that you contact the support desk of the third party for assistance in the first instance.

  4. Unipass Controllers

    • To make it easier to manage Unipass, each firm is encouraged to appoint someone, or several people in a larger firm, as a Unipass Controller.

    • Unipass Controllers are asked to approve or reject applications from within their organisation. They are also asked to approve, reject or amend requests to change details in most cases. An exception to this are requests to change personal security information.

    • Unipass Controllers are given access to the Unipass Control Centre, an area of the Unipass website set up specifically for their use. Here they may carry out online their basic functions of approving and rejecting pending applications and requests, as well as see an overview of the holding of Unipass certificates across their organisation. They may also initiate requests to reactivate applications, revoke certificates and give notice of individuals having left the company (or being imminently about to leave).
    • A Unipass Controller may appoint or remove other Unipass Controllers, as well as amend the details of the organisation to which they belong.
    • Unipass Controllers are individuals in which their firms palce a higher than normal degree of trust. As such, they must follow the "Unipass Controllers Guidelines" which are available in the "Guidelines" section of the Useful Documents page.
    • If no Unipass Controller has been appointed, we will instead contact the contract owner of the firm by email and ask them to approve or reject applications, etc., by email.

  5. Unipass expiration, renewal and revocation

    • Your initial Unipass is valid for a period of one year. Thirty days prior to its expiry date, we will email you to advise you of how to renew it. Following renewal, a subsequent Unipass will be valid to the anniversary of the issue of the original one. Depending on how soon your Unipass is renewed, and this may result in a validity period of up to 13 months.
    • If it is not renewed, your Unipass will expire at the end of that period. Unfortunately, once it has expired your Unipass cannot be renewed as such, but we may be able to issue you with a replacement. If you are in this position and you wish to continue to use Unipass, please contact your firm's Unipass Controller (see below), if there is one, or the Unipass Helpdesk for advice.
    • During its period of validity, a Unipass may be revoked, rendering it unusable from that point forward. Once revoked, a Unipass cannot be reactivated, although we may be able to issue you with a replacement.
    • Revocation does not change the content of the certificate, but it puts its serial number on a list of revoked certificates accessible to the operators of the websites that accept Unipass. When anyone attempts to log into a website with a certificate, the websites check the serial number against the list of revoked Unipass certificates and refuse access if it is found there.
    • You may revoke your Unipass yourself via this website (to do so, log into My Toolbox and click on the revoke my unipass link1 on the left hand side of the page) or you may request your Unipass Controller or the Unipass Helpdesk to do so on your behalf. You should revoke your Unipass in any of the circumstances described in the section Revoking Unipass below.
    • We will normally revoke your certificate only at your request. In exceptional circumstances, however, we may revoke it on our own initiative, e.g. if we suspect it is being misused or that you are no longer eligible to hold one containing the current details. Before we do so we shall normally try to contact you to discuss the matter, but if we have difficulty in contacting you we will choose to err on the side of security by revoking your Unipass and advising you by email that we have done so. If it turns out that you are still eligible to hold a Unipass, we shall issue you with a new one, with amended details if appropriate. We can normally do so in the space of a few minutes.

    1This link will only be visible if you have a Unipass.

  6. Revoking Unipass

    • Revoking a Unipass is the process of making it unusable - think of it like reporting a stolen credit card. This should be done whenever you think its security may have been compromised (e.g. when someone else may have obtained your private key by stealing your laptop or copying it from your PC). You should also revoke your certificate if you no longer require it, e.g. when leaving your firm's employment.

    • You can revoke your Unipass in any of the following ways:
      • You can do it yourself by logging into My Toolbox and clicking on the revoke my unipass link1 on the left hand side of the page.
      • Your Organisation's Unipass Controller(s), if there is one, can revoke your Unipass via the Unipass Control Centre, a part of this website accessible only by them.
      • The Unipass Helpdesk will do this for you during their service hours. If you wish them to do so, please call us on 0871 22 12345 or email helpdesk@unipass.co.uk.

    1This link will only be visible if you have a Unipass.

  7. Changes of detail

    • Your Unipass cannot be changed once it has been issued. However, your life may not be that simple!

    • If any of the details you have supplied to us needs to be changed, this can be done by logging into My Toolbox and clicking on the change my details link on the left hand side of the page. Depending on what has changed, we may need to revoke your Unipass and issue you with a new one. Please note that we will normally ask your Unipass Controller or the Unipass Contract owner in your firm to confirm the changed details (this does not apply to personal security information).

  8. What is Unipass?

    • Unipass is a single means of identification and authentication principally intended to replace usernames and passwords for financial intermediaries accessing the websites of product providers, lenders and other service providers to the UK financial services industry.
    • In technical terms, it is a digital certificate. This is a piece of data that is loaded on your PC together with private and public keys. When you log into a Unipass enabled website, the website challenges behind the scenes for the certificate and by using the public key the website can determine that you have the private key, thereby authenticating your identity. All this happens behind the scenes, apart from your having to click on the certificate in a window to allow its use the first time you access a participating website in a browser session.

    Think of it as a digital passport!

    Note: You should not allow anyone other than yourself access to your certificate as this would allow them to use your identity (as well as being a breach of the terms of the Unipass contract).

  9. How much does it cost?

    Financial Intermediaries

    • Unipass is provided free of charge to financial intermediaries and other end users. The costs of the service are borne by the organisations accepting Unipass on their websites. These are typically Life & Pension Providers, Lenders, Portals and other third party service providers.

    Product Providers, Lenders and other Relying Parties

    • Organisations operating extranets and websites wishing to offer access via Unipass require to enter into a contract with Origo Secure Internet Services. For details of the appropriate contract and for details of the charges applicable, please email admin@unipass.co.uk.