Skip to content Skip to site navigation

Install a Cardinal Key on a Mac

Cardinal Keys simplify your login experience by reducing or eliminating the need to use your SUNet ID and password for web-based logins and VPN connections.

Cardinal Keys are installed on a per-device basis and are deployed using Cloudpath software. A Cardinal Key should not be installed on shared devices, and the same Cardinal Key should not be used on multiple devices.

After you install a Cardinal Key, you'll need to set a cookie in each browser you intend to use before you can use the Cardinal Key to authenticate to a website or service (Web SSO). See Set a cookie in your browser for instructions, or watch the following video.

Requirements

  • macOS 10.11 or later
  • You  must have administrator privileges on this device
  • BigFix must be installed on the device (students need to adhere to the same security standards as employees)
  • Your device must registered and compliant in MyDevices, without an exception on file. If your device does not appear in MyDevices, visit encrypt.stanford.edu for more information. Cardinal Keys are supported on devices monitored by VLRE.
  • Cisco AnyConnect VPN client is required for connecting to the Stanford VPN

How to enable Cardinal Key on a Mac

Follow these steps to enable Cardinal Key:

  1. If you are using Cardinal Key with Firefox, be sure to:
    1. Ensure that you have installed Firefox Version 75 or higher.
    2. Enable the use of certificates within Firefox. See How to Enable Cardinal Key for macOS on Firefox Version 75+ below for instructions.
  2. Install the client certificate on your device.
  3. Set a cookie to allow you to use Cardinal Key for authentication. You must set a cookie for each browser you intend to use.
  4. If desired, set up Stanford VPN to use Cardinal Key.

Install a client certificate

  1. Go to getcardinalkey.stanford.edu (opens in a new window/tab).
  2. Select the device you are using. If this is an additional device, enter a friendly name for this device and then click Continue.

    select the device you are installng the certificate on
  3. Click Download for Mac 10.7 & Newer to download the profile with the client certificates.

    download the Stanford Client Configuration profile for Mac OS X
  4. Click Continue to install the Stanford Client Configuration profile.

    click Continue to start the installation process
  5. Click Install to confirm you want to install the profile.

    Click Install to confirm you want to install the profile
  6. Enter the administrator password for your computer.

    enter the administrator password for your computer
  7. The Profiles window displays. It lists the installed certificates. You can now use the Cardinal Key for authentication while using this device, after you set a cookie in your browser.

    window showing the profile with installed certificates

In order to use a Cardinal Key for web authentication, a cookie must be set in each browser you intend to use.

  1. Launch the browser that you plan to use with the Cardinal Key.
  2. Go to Accounts and verify that the Cardinal Key is enabled for this browser. If you need to log in with two-step authentication, click the Cardinal Key tab to verify.

    Cardinal Key tab in accounts is used to enable or disable Cardinal Key for this browser

Use a Cardinal Key with the Stanford VPN

You can use a Cardinal Key for authentication to the Stanford VPN. See Mac: Connect to the Stanford VPN with a Cardinal Key for instructions.

How to Enable Cardinal Key for macOS on Firefox Version 75+

Follow these steps to use Cardinal Key on Firefox Version 75+ with a macOS machine:

  1. Open Firefox and type "about:config" into the Search bar.

    Type about:config

  2. A "Proceed with Caution" screen appears. Select the Accept the Risk and Continue button.

    Proceed with caution

  3. On the next screen, search for "security.osclientcerts.autoload" in the "Search preference name" box.

    Search for security autoload

  4. Click the toggle button Toggle button to set the value to true.

    Set value to true

  5. Restart Firefox.

  6. Open the Firefox Preferences menu.

    Firefox preferences screen

  7. Select Privacy & Security on the menu on the left.

    Firefox privacy and security screen

  8. The Browser Privacy page opens. Scroll down to the Security section.

  9. In the Certificates section, choose the Select one automatically button.

    Select certificate

This browser should now be able to use certificates from the Mac certificate store. For instructions on how to install a certificate to use Cardinal Key, see Install a client certificate above.

Last modified April 7, 2020