Cardinal Keys simplify your login experience by reducing or eliminating the need to use your SUNet ID and password for web-based logins and VPN connections.
Cardinal Keys are installed on a per-device basis and are deployed using Cloudpath software. A Cardinal Key should not be installed on shared devices, and the same Cardinal Key should not be used on multiple devices.
After you install a Cardinal Key, you'll need to set a cookie in each browser you intend to use before you can use the Cardinal Key to authenticate to a website or service (Web SSO). See Set a cookie in your browser for instructions, or watch the following video.
- macOS 10.11 or later
- You must have administrator privileges on this device
- BigFix must be installed on the device (students need to adhere to the same security standards as employees)
- Your device must registered and compliant in MyDevices, without an exception on file. If your device does not appear in MyDevices, visit encrypt.stanford.edu for more information. Cardinal Keys are supported on devices monitored by VLRE.
- Cisco AnyConnect VPN client is required for connecting to the Stanford VPN
How to enable Cardinal Key on a Mac
Follow these steps to enable Cardinal Key:
- If you are using Cardinal Key with Firefox, be sure to:
- Ensure that you have installed Firefox Version 75 or higher.
- Enable the use of certificates within Firefox. See How to Enable Cardinal Key for macOS on Firefox Version 75+ below for instructions.
- Install the client certificate on your device.
- Set a cookie to allow you to use Cardinal Key for authentication. You must set a cookie for each browser you intend to use.
- If desired, set up Stanford VPN to use Cardinal Key.
Install a client certificate
- Go to getcardinalkey.stanford.edu (opens in a new window/tab).
- Select the device you are using. If this is an additional device, enter a friendly name for this device and then click Continue.
- Click Download for Mac 10.7 & Newer to download the profile with the client certificates.
- Click Continue to install the Stanford Client Configuration profile.
- Click Install to confirm you want to install the profile.
- Enter the administrator password for your computer.
- The Profiles window displays. It lists the installed certificates. You can now use the Cardinal Key for authentication while using this device, after you set a cookie in your browser.
Set a cookie in your browser
In order to use a Cardinal Key for web authentication, a cookie must be set in each browser you intend to use.
- Launch the browser that you plan to use with the Cardinal Key.
- Go to Accounts and verify that the Cardinal Key is enabled for this browser. If you need to log in with two-step authentication, click the Cardinal Key tab to verify.
Use a Cardinal Key with the Stanford VPN
How to Enable Cardinal Key for macOS on Firefox Version 75+
Follow these steps to use Cardinal Key on Firefox Version 75+ with a macOS machine:
Open Firefox and type "about:config" into the Search bar.
A "Proceed with Caution" screen appears. Select the Accept the Risk and Continue button.
On the next screen, search for "security.osclientcerts.autoload" in the "Search preference name" box.
Click the toggle button to set the value to true.
Open the Firefox Preferences menu.
Select Privacy & Security on the menu on the left.
The Browser Privacy page opens. Scroll down to the Security section.
In the Certificates section, choose the Select one automatically button.
This browser should now be able to use certificates from the Mac certificate store. For instructions on how to install a certificate to use Cardinal Key, see Install a client certificate above.