Skip to content Skip to site navigation

Install a Cardinal Key on a Mac

If you are using assistive technology you may find the facilitated install process more accessible.

Cardinal Keys simplify your login experience by reducing or eliminating the need to use your SUNet ID and password for web-based logins and VPN connections.

Cardinal Keys are installed on a per-device basis and are deployed using Cloudpath software. A Cardinal Key should not be installed on shared devices, and the same Cardinal Key should not be used on multiple devices.


  • macOS 10.15 or later.
  • You must have administrator privileges on this device.
  • Cardinal Key requires that your device be registered and compliant in MyDevices without an exception. If your device does not appear in MyDevices, visit for more information.
  • Cardinal Key is supported on devices monitored by BigFix or VLRE. One or the other must be installed on the Stanford issued device for faculty and staff.
  • Students are not required to have BigFix installed for compliance, however either BigFix or VLRE are required for Cardinal Key to work. BigFix is optional in the SNSR/SNRT process or can be downloaded here: (NOTE: Do not install both BigFix and VLRE. Having both software will conflict and misreport your status. This may cause your computer to fall out of compliance and Cardinal Key will not work.) 
  • Cisco AnyConnect VPN client is the only supported VPN for use with Cardinal Key and is required for connecting to the Stanford VPN service. 

How to enable Cardinal Key on a Mac

Follow these steps to enable Cardinal Key:

  1. If you are using Cardinal Key with Firefox, be sure to:
    a. Ensure that you have installed Firefox Version 75 or higher.
    b. Enable the use of certificates within Firefox. See How to Enable Cardinal Key for macOS on Firefox Version 75+ below for instructions.

  2. Install the client certificate on your device.

  3. If desired, set up Stanford VPN to use Cardinal Key.

Install a client certificate

  1. Go to (opens in a new window/tab).

  2. Select the device you are using. If this is an additional device, enter a friendly name for this device and then click Continue.

  3. Click Download for Mac 10.7 & Newer to download the profile with the client certificates.

  4. Click Continue to install the Stanford Client Configuration profile.

  5. Click Install to confirm you want to install the profile.

  6. Enter the administrator password for your computer.

  7. The Profiles window displays. It lists the installed certificates. You can now use the Cardinal Key for authentication while using this device, after you set a cookie in your browser.

Use a Cardinal Key with the Stanford VPN

You can use a Cardinal Key for authentication to the Stanford VPN. See Mac: Connect to the Stanford VPN with a Cardinal Key for instructions.

How to enable Cardinal Key for macOS on Firefox Version 75+

Follow these steps to use Cardinal Key on Firefox Version 75+ with a macOS machine:

  1. Open Firefox and type "about:config" into the Search bar.

  2. A "Proceed with Caution" screen appears. Select the Accept the Risk and Continue button.

  3. On the next screen, search for "security.osclientcerts.autoload" in the "Search preference name" box.

  4. Click the toggle button to set the value to true.

  5. Restart Firefox.

Last modified October 24, 2022