Skip to content Skip to site navigation

Install a Cardinal Key on Windows

If you are using assistive technology you may find the facilitated install process more accessible.

Cardinal Keys simplify your login experience by reducing or eliminating the need to use your SUNet ID and password for web-based logins and VPN connections.

Cardinal Keys are installed on a per-device basis and are deployed using Cloudpath software. A Cardinal Key should not be installed on shared devices, and the same Cardinal Key should not be used on multiple devices.

After you install a Cardinal Key, you'll need to set a cookie in each browser you intend to use before you can use the Cardinal Key to authenticate to a website or service (Web SSO). See Next steps for instructions.

Requirements

  • Windows 8.1 or 10 or later.
  • You must have administrator privileges on this device.
  • Cardinal Key requires that your device be registered and compliant in MyDevices without an exception. If your device does not appear in MyDevices, visit Encryption at Stanford for more information.
  • Cardinal Key is supported on devices monitored by BigFix or VLRE. One or the other must be installed on the Stanford issued device for faculty and staff.
  • Students are not required to have BigFix installed for compliance, however either BigFix or VLRE arerequired for Cardinal Key to work. BigFix is optional in the SNSR/SNRT process or can be downloaded on the BigFix webpage. (NOTE: Do not install both BigFix and VLRE. Having both software will conflict and misreport your status. This may cause your computer to fall out of compliance and Cardinal Key will not work.)
  • Cisco AnyConnect VPN client is the only supported VPN for use with Cardinal Key.

How to enable Cardinal Key on Windows

  1. Download a Cardinal Key.
    Note: If you are using the Firefox browser, see the instructions in the next section on How to Enable Cardinal Key for Windows 10 on Firefox Version 72 or later, then follow these instructions to install it.
    • Devices with a wireless adapter (i.e. Laptops, iMacs, & MacMini’s) — go to: getcardinalkey.stanford.edu.
    • Devices that lack a wireless adapter (i.e. Desktops & Virtual Machines) — skip to Step 6.
  2. Different profiles are installed for wireless and wired devices.
  3. Provide a name for the device you are using if you wish and then click Continue.
    The device name helps you identify your Cardinal Key.

  4. Click Download .exe for Windows to download the NetworkWizardLoader file. Follow the install prompts.

  5. After downloading, double-click the NetworkWizardLoader.exe file to run it. (Typically, the file is located in your Downloads folder or on your desktop.) Skip to Step 8.
  6. Click on Show all operating systems.

  7. Click on Step 1 through Step 3 to install the certificates and follow the prompts.

  8. For devices with a wireless adapter, a congratulations message displays when the Cardinal Key has been installed successfully. 



    For devices that lack a wireless adapter, only one checkmark displays, along with a misleading error message that you can ignore. This is normal behavior when the Cardinal Key is installed successfully. Close the window and proceed to the next steps, below.

Next steps

In order to use a Cardinal Key for web authentication, a cookie must be set in each browser you intend to use.

  1. Launch the browser that you plan to use with the Cardinal Key.
     
  2. Go to Accounts and verify that the Cardinal Key is enabled for this browser. If you need to log in with two-step authentication, click the Cardinal Key tab to verify.

Use a Cardinal Key with the Stanford VPN

You can use a Cardinal Key for authentication to the Stanford VPN. See Windows: Connect to the Stanford VPN with a Cardinal Key for instructions.

How to enable Cardinal Key for Windows 10 on Firefox Version 72 or Greater

Follow these steps to use Cardinal Key on Firefox Version 72 or greater with a Windows 10 machine:

  1. Open Firefox and type "about:config" into the Search bar.
  2. A "Proceed with Caution" screen appears. Select the Accept the Risk and Continue button.
  3. On the next screen, search for "security.osclientcerts.autoload" in the "Search preference name" box.
  4. Click the toggle button to set the value to true.
  5. Restart Firefox.
Last modified October 18, 2021