Cardinal Keys simplify your login experience by reducing or eliminating the need to use your SUNet ID and password for web-based logins and VPN connections.
Cardinal Keys are installed on a per-device basis and are deployed using Cloudpath software. A Cardinal Key should not be installed on shared devices, and the same Cardinal Key should not be used on multiple devices.
After you install a Cardinal Key, you'll need to set a cookie in each browser you intend to use before you can use the Cardinal Key to authenticate to a website or service (Web SSO). See Set a cookie in your browser for instructions, or watch the following video.
- macOS 10.14 or later.
- You must have administrator privileges on this device.
- Cardinal Key requires that your device be registered and compliant in MyDevices without an exception. If your device does not appear in MyDevices, visit https://encrypt.stanford.edu for more information.
- Cardinal Key is supported on devices monitored by BigFix or VLRE. One or the other must be installed on the Stanford issued device for faculty and staff.
- Students are not required to have BigFix installed for compliance, however either BigFix or VLRE are required for Cardinal Key to work. BigFix is optional in the SNSR/SNRT process or can be downloaded here: https://uit.stanford.edu/software/bigfix. (NOTE: Do not install both BigFix and VLRE. Having both software will conflict and misreport your status. This may cause your computer to fall out of compliance and Cardinal Key will not work.)
- Cisco AnyConnect VPN client is the only supported VPN for use with Cardinal Key and is required for connecting to the Stanford VPN service.
How to enable Cardinal Key on a Mac
Follow these steps to enable Cardinal Key:
If you are using Cardinal Key with Firefox, be sure to:
a. Ensure that you have installed Firefox Version 75 or higher.
b. Enable the use of certificates within Firefox. See How to Enable Cardinal Key for macOS on Firefox Version 75+ below for instructions.
Set a cookie to allow you to use Cardinal Key for authentication. You must set a cookie for each browser you intend to use.
If desired, set up Stanford VPN to use Cardinal Key.
Install a client certificate
Select the device you are using. If this is an additional device, enter a friendly name for this device and then click Continue.
- Click Download for Mac 10.7 & Newer to download the profile with the client certificates.
- Click Continue to install the Stanford Client Configuration profile.
- Click Install to confirm you want to install the profile.
- Enter the administrator password for your computer.
- The Profiles window displays. It lists the installed certificates. You can now use the Cardinal Key for authentication while using this device, after you set a cookie in your browser.
Set a cookie in your browser
In order to use a Cardinal Key for web authentication, a cookie must be set in each browser you intend to use.
- Launch the browser that you plan to use with the Cardinal Key.
- Go to Accounts and verify that the Cardinal Key is enabled for this browser. If you need to log in with two-step authentication, click the Cardinal Key tab to verify.
Use a Cardinal Key with the Stanford VPN
How to enable Cardinal Key for macOS on Firefox Version 75+
Follow these steps to use Cardinal Key on Firefox Version 75+ with a macOS machine:
Open Firefox and type "about:config" into the Search bar.
A "Proceed with Caution" screen appears. Select the Accept the Risk and Continue button.
On the next screen, search for "security.osclientcerts.autoload" in the "Search preference name" box.
Click the toggle button to set the value to true.