Switch to OAuth2 (EN)
Due to the transition to a more secure and modern method of authentication using OAuth2 and due to the end of support for the original method of authentication, users of the faculty e-mail at CTU who have e-mail clients set up for logging in using the original method (so-called basic authentication with name and password) must change this setting in their clients.
If you are using the original authentication method and you do not change the settings by 30/11/2022, your login to the e-mail client will stop working. It is possible to change the e-mail client settings even after this date. The e-mail client will additionally download the missing messages from the mentioned date.
Does this change affect me?
If, when adding the faculty mailbox to your e-mail client, you entered your password directly in the dialogue window of the e-mail client and not in the CTU SSO login window of the Office365 portal (office365.cvut.cz, see the picture below), this change applies to you, and you should modify the settings by the above date.
Changes in individual clients
Users of the following supported e-mail clients are affected by this change and must make a configuration change:
- Thunderbird – Modern authentication does not work on Thunderbird version 77 and earlier. If you are using this version you will be forced to update the application. You can find out the client version using this guide. If you have added your faculty e-mail to Thunderbird within the last 6 months and left your account settings at their default settings, it is likely that you are already using a modern authentication method and do not need to change your settings. Instructions for changing the configuration can be found in the section Settings changes in Thunderbird.
- Outlook 2007 or Outlook 2010 – The modern authentication method is not supported in these clients and it is necessary to update these clients to at least Outlook 2016 version or switch to an alternative e-mail client.
- Outlook 2013 – Modern authentication is available starting with Outlook 2013 Service Pack 1 and later. Even if you have the appropriate version, you must first enable modern authentication in the Windows registry according to this guide.
- Mobile e-mail clients pre-installed by the device manufacturer – Apple, Samsung, etc. – The setting is specific according to the manufacturer and the version of the client. However, most of the newer ones should already work with the new login method and reconfiguration should not be necessary.
Users of the following e-mail clients are not affected by this change and do not have to change their configuration:
- Web client at https://outlook.office.com/
- Outlook 2016 and higher
- Outlook for Mac
- Outlook for iOS and Android
Settings changes in Thunderbird
Right-click your account name and select Settings.
Go to the Server Settings menu and set the Authentication Method to OAuth2.
Go to the Outgoing Server (SMTP) menu, click on the entry corresponding to the faculty e-mail and click Edit….
Set the Authentication method to OAuth2.
You should now see the CTU SSO login page for Office365. CTU username in the format
Log in using theusername@cvut.cz
and the CTU password. If the login page does not appear, restart Thunderbird by closing all its windows and then restart the Thunderbird client itself. You will see the page after the restart. If you are still having trouble logging in, it is possible that you have disabled cookies in the application. If so, continue here.You will be asked if you want to stay logged in and asked to allow access to Thunderbird. Confirm both requests.
- To verify that the settings change was completed successfully, you can send an e-mail to your own address. The application should no longer ask you to enter a password.
Allowing necessary cookies
If you were unable to log in when changing the Thunderbird client settings, you may have cookies disabled in the application. In this case, it is necessary to add the web servers that allow you to log in to the exceptions.
Open Settings by clicking on the gear icon.
Go to Privacy & Security.
Here, in the Web Content section, press Exceptions.
- Enter the following servers in the text field one by one and press Allow for both:
Press Save Changes.
- Continue with the original guide here.