Why we changed it

GOV.UK One Login is the cross-government standard for signing in to GOV.UK services. As a centrally funded programme, our service was required to integrate with One Login to provide a consistent and secure sign-in experience.

We explored both of the journeys offered by GOV.UK One Login:

  • the basic authentication journey
  • the identity verification journey (which requires uploading ID documents such as a passport or driving licence)

Identity verification in GOV.UK One Login is currently dependent on UK-issued documents. While non-UK passports with biometric chips are accepted, other identity options (e.g. UK photocard driving licence, biometric residence permit, biometric residence card or Frontier Worker permit) are limited to UK-based applicants. The only fallback options are either answering security questions based on UK financial records or visiting a Post Office in the UK, both of which are unsuitable for international applicants.

We carried out desk research to check whether the countries eligible to use the Apply for Qualified Teacher Status (AQTS) service issue biometric passports and to understand when these were introduced. We noted that while many countries have adopted biometric passports as a standard practice, a few have yet to implement them. This informed our decision to proceed with the simpler authentication journey, which only requires an email address and phone number. It avoids document upload and provides fairer access to the service for international applicants.

What we’ve changed

We changed the way users sign in to the AQTS service by integrating with GOV.UK One Login. We chose the authentication journey, which does not require applicants to upload identity documents. This decision reduces friction and improves access, particularly for international users with limited connectivity or access to UK documents.

How we approached it

Understanding user and service needs

We began by mapping the upstream and downstream service dependencies. This included conversations with other services like Access Your Teaching Qualifications (AYTQ), which helped us explore how One Login behaves across different journeys.

For example, a user applying via AQTS who later accesses AYTQ does not need to create a separate One Login account, as both services use the same authentication route.

We carried out an options appraisal of both One Login journeys. We assessed technical feasibility, data privacy implications, and potential impact on users, particularly those applying from outside the UK.

We also held design workshops with digital and operations teams to identify key points in the journey where users would need to sign in. For example, when continuing a draft application or responding to a request for further information.

Research and discovery

We ran exploratory user research with international applicants to understand how the new login requirements might affect their ability to access the service. Participants included confident tech users and those with lower digital access and literacy.

From this, we learned that:

  • applicants in countries such as Ghana and Nigeria often access the service using public infrastructure (e.g. school or government networks) due to limited personal data or device access
  • in some parts of India, teachers reported power cuts lasting up to two weeks during monsoon season, affecting connectivity
  • while most users were able to complete the One Login process, some raised concerns about the 15-minute time limit, which didn’t account for connectivity disruptions or delays in receiving codes
  • e-mail was consistently preferred over SMS for receiving verification codes. This was particularly noted in regions with low or unstable network coverage. In such cases, applicants felt more confident that an e-mail will be delivered successfully compared to an SMS, which may either be delivered late or not at all.
  • a few participants saw One Login as something designed primarily for UK-based users, and were unsure whether they could trust or access it

We also sought advice from policy and operations colleagues to explore the data protection implications of the identity verification route, including risks related to storing and managing identity documents.

Prototyping and testing

We then developed and tested two different service journeys:

  • Version 1 introduced the One Login screen before the eligibility check. Users found this confusing. The distinction between the GOV.UK One Login and the QTS service was unclear, and some participants were frustrated by the order of steps.
  • Version 2 placed the One Login step after the eligibility check. This was better received. We also added an “Important” blue message box to highlight that the user was now entering a GOV.UK One Login flow, not continuing within AQTS.

Image showing two different versions of messaging tested with users.

“I would want to check my eligibility first [...] If I see the button saying ‘check your eligibility’ first, I would do that first, as the other information isn’t relevant.” Quote from usability testing interview (OLIR2_31).

These tests helped us understand which support content, fallback methods and error states were needed.

What we did to implement the change

We updated the AQTS prototype to incorporate the GOV.UK One Login authentication screens, ensuring that error states, fallback options and page messages aligned with GOV.UK style.

We ran a role-play activity where the digital team acted out different user journeys:

  • accessing the service if you already have a One Login
  • accessing the service for the first time
  • returning to the service after being timed out or changing device mid-process
  • using different authentication apps to ensure that no matter which app you used, you were able to complete the authentication journey and access the service

We collaborated closely with the GOV.UK One Login implementation team to make the journey live with minimal disruption to our users as possible.

What’s next

We are monitoring:

  • sign-in success and failure rates
  • user support contacts related to login, timeout, or account re-entry
  • session continuity for users switching between GOV.UK services

We’ve also encountered edge cases, such as:

  • applicants re-registering because the email they originally used was deleted or no longer accessible.

As a result, we have reviewed guidance to encourage applicants to use the same email address when registering for both QTS and One Login.

More generally, we are continuing to assess feedback that our users provide by completing the service feedback form.