Every new school year, the same scenario repeats for thousands of teachers and administrative staff: finding the webmail address, remembering their credentials, and then hoping the connection goes through without an error message. The academic messaging system of Lyon remains the official channel for professional communications of the National Education in the Rhône, Ain, and Loire departments. Knowing how to connect quickly and protect your account against phishing attempts is essential.
HTTPS Protocol and Certificates: What Really Secures the Connection to ac-lyon Webmail
Even before you enter your credentials, your browser negotiates an encrypted exchange with the academy’s server. This protocol, called HTTPS, prevents a third party from intercepting your password during transmission. If your browser displays a certificate warning, the connection is not secure.
Further reading : How to Easily Share and Spread Your Ideas Using an Innovative Platform
The Lyon academy has mandated exclusive access via HTTPS for webmail and via POPS for email clients for several years. Unsecured connections (plain HTTP, unencrypted POP) are closed. This technical choice means that a poorly configured email client simply will not be able to connect.
Have you ever seen a “invalid certificate” message when opening your email? This occurs when the server’s certificate has expired or when your browser does not recognize the certification authority. In this case, do not force access. Wait for the server-side certificate to be updated, or check that your computer’s date and time are correct, as a time zone discrepancy often triggers this alert.
Further reading : Complete guide to successfully connect to Oze 92 and activate your ENT
To access the Lyon academy webmail smoothly, use an up-to-date browser (Firefox, Chrome, Edge) and type the full address directly into the bar instead of going through a search engine, which reduces the risk of landing on a phishing page.
Academic Credentials and First Connection: Common Mistakes
The email identifier follows a standardized format set by the National Education, usually consisting of the first letter of the first name followed by the last name. The initial password is either the NUMEN or a temporary password provided by the rectorate.
Two mistakes consistently occur during the first connection:
- Confusing the email identifier with the ARENA portal or I-Prof identifier, which may differ slightly between academies
- Forgetting to change the temporary password, which locks the account after a few unsuccessful attempts
- Using an old password after a change mandated by the rectorate’s security policy
Change your password upon first connection. Choose a combination of at least twelve characters mixing uppercase, lowercase, numbers, and special characters. A short or predictable password (school name, birth year) exposes your inbox to intrusion attempts.
Lost Password: The Concrete Procedure
Resetting your password goes through the academy’s assistance portal. You must provide your NUMEN and a previously registered backup email address. If no backup address is configured, only the IT service of the rectorate can unlock the account. Allow several days for processing during the back-to-school period.
Spam Quarantine and Blind Carbon Copy: Two Daily Security Reflexes
The national messaging system of the National Education now includes a dedicated spam quarantine module. Suspicious messages are no longer simply moved to a “junk” folder: they are isolated in a quarantine space that you can consult via the official tutorial “I manage my spam quarantine” on Mon Aide Numérique.
This module deserves regular checking. Legitimate messages (notices, transfer notifications) can end up there if the sender uses a poorly configured server. Check your quarantine at least once a week to avoid missing a professional email mistakenly filtered out.
Data Protection in Communications with Parents
A point rarely addressed in connection tutorials but directly related to the security of your messaging: the use of the “blind carbon copy” (Bcc) field. Guidelines published by the TICE department of the Loire (Lyon academy) explicitly remind to never share parents’ email addresses with other parents.
When sending a group message to a list of families, place all addresses in Bcc. Putting thirty addresses in the visible recipient field constitutes a violation of GDPR. Each parent could then retrieve the addresses of others, use them for unintended purposes, or expose them in case of hacking of their own inbox.
Configuring an Email Client with Lyon’s IMAP and SMTP Settings
Webmail in a browser is suitable for occasional consultation. For daily use, configuring Thunderbird, Outlook, or your smartphone’s mail app offers more comfort. Here are the settings to enter:
- Incoming server: IMAPS protocol (port 993, SSL/TLS), which synchronizes your folders across all your devices, unlike POP which downloads and then deletes
- Outgoing server: SMTPS protocol with authentication, allowing you to send emails from your academic address without going through webmail
- Identifier: your full academic address ([email protected])
- Password: the one you use on the webmail portal
If the connection fails, check that your firewall or your institution’s network has not blocked the relevant ports. Some institutional Wi-Fi networks filter outgoing connections on ports 993 and 465.
Why Prefer IMAP over POP
The POP protocol downloads messages to a single device and deletes them from the server. As a result, emails read on your computer disappear from webmail. IMAP keeps everything on the server and synchronizes reading, folders, drafts. For multi-device use, IMAP is the only coherent choice.
The Lyon academy has strengthened its digital security department at the rectorate, with the recruitment of a deputy CISO dedicated to this mission. This organizational evolution reflects an increasing focus on cybersecurity issues that goes beyond just password concerns. For users, the actions remain the same: a strong password, an up-to-date browser, a verified quarantine each week, and blind carbon copy for every group email.