Stanford is going passwordless. Cardinal Keys reduce or eliminate the need to use your SUNet ID and password for web-based logins and eliminate the need to use username, password, and two-step authentication for VPN connections.
Cardinal Keys are intended to simplify your login experience while providing stronger protection for your account. Cardinal Keys are far stronger than a username and password.
A Cardinal Key is a digital certificate that is installed on a device and provides a user’s identity to a remote server in place of a SUNet ID and password. Cardinal Keys are installed on a per-device basis, and the same Cardinal Key provides authentication to VPN and web single sign-on.
In order to use a Cardinal Key your device must be managed by BigFix or Mobile Device Management (MDM) and be compliant.
The Cardinal Key service is not currently supported on the following:
- Computers not running BigFIx
- Android devices
- Linux
- Firefox browsers
- Devices granted a compliance exception
Supported Platforms
| Platform | Browsers | VPN Clients | |||||
|---|---|---|---|---|---|---|---|
| Chrome | Safari | Internet Explorer | Microsoft Edge | Firefox | Cisco AnyConnect | Native VPN | |
| Windows | Supported | Not Supported | Supported | Supported | Not Supported | Supported | Not Supported |
| Mac | Supported | Supported | Not Supported | Not Supported | Not Supported | Supported | Not Supported |
| iOS | Supported* | Supported | Not Supported | Supported | Not Supported | Not Supported | Supported |
| Android | Cardinal Key is not supported on Android and Linux platforms at this time. | ||||||
| Linux | |||||||
| *Due to Chrome limitations, iOS users should use Safari to configure their device. | |||||||
Features
- Improves security - provides greater protection against credential phishing.
- Less typing - reduces the need to enter SUNet and password on compliant devices.
Designed For
Faculty, staff, and students
Requirements
Note: Cardinal Keys are not currently supported for Firefox browsers. Support will be added in a future phase.
Everyone
- Valid SUNet ID with Two-Step Authentication configured
- Computer managed by BigFix or mobile device managed by Mobile Device Management (AirWatch)
- You must have administrator rights on the computer in order to install a Cardinal Key
- Supported operating systems:
- Windows 7 and later
- macOS 10.7 and later
- iOS 10 and later
- Cisco AnyConnect VPN client is required for connecting to the Stanford VPN with Windows and Mac computers
Faculty, staff, and affiliates
- Device must be compliant, without an exception on file, in MyDevices
Data Security
May be used on devices that store and transmit Low, Moderate, and High Risk Data.
Rates
Free of charge
Get Started
Please note: A Cardinal Key is unique to a device, so a single Cardinal Key should not be installed on multiple devices.
For those in the initial phase, to get started download and install a Cardinal Key for your platform:
Get Help
For assistance, please submit a Help ticket.
Learn More
- Using Your Cardinal Key
- Windows: Connect to the Stanford VPN via Cisco AnyConnect with a Cardinal Key
- Mac: Connect to the Stanford VPN via Cisco AnyConnect with a Cardinal Key
- iOS: Connect to the Stanford VPN with a Cardinal Key
- View Your Cardinal Keys
- Delete a Cardinal Key
- Revoke a Cardinal Key
- Expired Cardinal Keys
- Frequently Asked Questions
- Known Issues
