Last update: 12 February 2025

These terms apply to the way you use GOV.UK Internal Access. You accept our terms of use when sign in to the service.

Signing in to Internal Access

• You must sign in to Internal Access using a work or corporate email address. Your account should be protected by multi-factor authentication (MFA). When you open emails sent by Internal Access, you should only do this from a work-managed device.

When creating and managing a client application

1. Report any security breaches immediately to report@digital.cabinet-office.gov.uk. This includes the suspected compromise of any client credentials.
2. Make sure each live service you add is unique.
3. Check you have the appropriate consent from recipients before using their personal data.
4. Make sure the data you add to Internal Access is accurate and complies with data protection legislation.
5. Ensure configuration is sufficient to cover the explicit service you are integrating, making sure to remove localhost and other test redirect URLs if no longer needed.
6. Remove team members promptly if they should no longer have access to view, manage or own client applications.