Stanford is going passwordless! Cardinal Keys reduce or eliminate the need to use your SUNet ID and password for web-based logins and eliminate the need to use your username, password, and two-step authentication for VPN connections.
Cardinal Keys are intended to simplify your login experience while providing stronger protection for your account. Cardinal Keys are far stronger than a username and password.
A Cardinal Key is a digital certificate that is installed on a device and provides a user’s identity to a remote server in place of a SUNet ID and password. Cardinal Keys are installed on a per-device basis, and the same Cardinal Key provides authentication to VPN and web single sign-on.
In order to use a Cardinal Key your device must be running BigFix, VLRE, or Mobile Device Management (MDM) and be compliant.
The Cardinal Key service is not currently supported on the following:
- Android devices
- Linux platforms
- Devices granted a compliance exception
Supported Platforms
Browsers
| Platform | Chrome | Safari | Internet Explorer | Microsoft Edge | Firefox ESR |
|---|---|---|---|---|---|
| Windows | Supported | Not AvailableN/A | Supported | Supported | Supported |
| Mac | Supported | Supported | Not AvailableN/A | Supported | Supported |
| iOS | Not Supported | Supported | Not AvailableN/A | Not Supported | Not Supported |
| Android | Cardinal Key is not supported on Android and Linux platforms at this time. | ||||
| Linux | |||||
VPN Clients
| Platform | Cisco AnyConnect | Native VPN |
|---|---|---|
| Windows | Supported | Not Supported |
| Mac | Supported | Not Supported |
| iOS | Not Supported | Supported |
| Android | Cardinal Key is not supported on Android and Linux platforms at this time. | |
| Linux | ||
Features
- Improves security - provides greater protection against credential phishing.
- Less typing - reduces the need to enter SUNet and password on compliant devices.
Designed for
Faculty, staff, and students
Requirements
- Valid SUNet ID with Two-Step Authentication configured
- Computer running BigFix or VLRE, or mobile device managed by Mobile Device Management (AirWatch)
- Device must be compliant, without an exception on file, in MyDevices
- You must have administrator rights on the computer in order to install a Cardinal Key
- Supported operating systems:
- Windows 8 and later
- macOS 10.14 and later
- iOS 12 and later
- Cisco AnyConnect VPN client is required for connecting to the Stanford VPN with Windows and Mac computers
Data security
May be used on devices that store and transmit Low, Moderate, and High Risk Data.
Rates
Free of charge
Get started
Please note: A Cardinal Key is unique to a device, so a single Cardinal Key should not be installed on multiple devices.
For those in the initial phase, to get started download and install a Cardinal Key:
Facilitated Install - Configure Cardinal Key automatically for Windows and Mac.
Manual Install - Configure Cardinal Key manually.
Get help
For assistance, please submit a Help ticket.
Learn more
- Using Your Cardinal Key
- Windows: Connect to the Stanford VPN via Cisco AnyConnect with a Cardinal Key
- Mac: Connect to the Stanford VPN via Cisco AnyConnect with a Cardinal Key
- iOS: Connect to the Stanford VPN with a Cardinal Key
- View Your Cardinal Keys
- Delete a Cardinal Key
- Revoke a Cardinal Key
- Expired Cardinal Keys
- Frequently Asked Questions
- Known Issues
- Resources for IT Professionals: Shared Devices
