Skip to content Skip to site navigation

Cardinal Key

Simplicity and Security

Cardinal Key office hours will occur two days a week — from 2 p.m. to 3 p.m. (PST) Tuesdays and 10 a.m. to 11 a.m. (PST) Fridays. To join office hours, get the Zoom link by visiting #iso-cardinalkey in Slack.

Cardinal key disabled alert on laptop screen

Need to Clear Your Browser Cache & Cookies? Don’t Forget to Re-enable Cardinal Key

April 15, 2021

Stanford is going passwordless! Cardinal Keys reduce or eliminate the need to use your SUNet ID and password for web-based logins and eliminate the need to use your username, password, and two-step authentication for VPN connections.

Cardinal Keys are intended to simplify your login experience while providing stronger protection for your account. Cardinal Keys are far stronger than a username and password.

A Cardinal Key is a digital certificate that is installed on a device and provides a user’s identity to a remote server in place of a SUNet ID and password. Cardinal Keys are installed on a per-device basis, and the same Cardinal Key provides authentication to VPN and web single sign-on.

In order to use a Cardinal Key your device must be running BigFix, VLRE, or Mobile Device Management (MDM) and be compliant.

The Cardinal Key service is not currently supported on the following:

  • Android devices
  • Linux platforms
  • Devices granted a compliance exception

Supported Platforms

Browsers

Platform Chrome Safari Internet Explorer Microsoft Edge Firefox ESR
Windows Supported Not AvailableN/A Supported Supported Supported
Mac Supported Supported Not AvailableN/A Supported Supported
iOS Not Supported Supported Not AvailableN/A Not Supported Not Supported
Android Cardinal Key is not supported on Android and Linux platforms at this time.
Linux

VPN Clients

Platform Cisco AnyConnect Native VPN
Windows Supported Not Supported
Mac Supported Not Supported
iOS Not Supported Supported
Android Cardinal Key is not supported on Android and Linux platforms at this time.
Linux

Features

  • Improves security -  provides greater protection against credential phishing.
  • Less typing - reduces the need to enter SUNet and password on compliant devices.

Designed for

Faculty, staff, and students 

Requirements

  • Valid SUNet ID with Two-Step Authentication configured
  • Computer running BigFix or VLRE, or mobile device managed by Mobile Device Management (AirWatch)
  • Device must be compliant, without an exception on file, in MyDevices
  • You must have administrator rights on the computer in order to install a Cardinal Key
  • Supported operating systems:
    • Windows 8 and later
    • macOS 10.14 and later
    • iOS 12 and later
  • Cisco AnyConnect VPN client is required for connecting to the Stanford VPN with Windows and Mac computers

Data security

May be used on devices that store and transmit Low, Moderate, and High Risk Data.

Rates

Free of charge

Get started

Please note: A Cardinal Key is unique to a device, so a single Cardinal Key should not be installed on multiple devices.

For those in the initial phase, to get started download and install a Cardinal Key:

Facilitated Install - Configure Cardinal Key automatically for Windows and Mac.

Manual Install - Configure Cardinal Key manually.

Get help

For assistance, please submit a Help ticket.

Learn more

Last modified September 23, 2021