Skip to main content

Using Your Cardinal Key

Cardinal Keys simplify your login experience by reducing or eliminating the need to use your SUNet ID and password for web-based logins and VPN connections.

Get a  Cardinal Key

A different Cardinal Key needs to be installed on each device that you plan to use for Cardinal Key authentication.

  1. Check the Cardinal Key requirements to make sure you can use a Cardinal Key on your device.
  2. Go to getcardinalkey.stanford.edu to download and install a Cardinal Key for your platform.

Use a Cardinal Key for Stanford Login (web single sign-on) authentication

Once your Cardinal Key is enabled, you'll be able to access Stanford Login-protected websites and web services without having to enter your SUNet ID and password. You will, however, still be prompted for two-step authentication.

Using a Cardinal Key with a Chrome or Safari browser

If you are using a Cardinal Key with a Chrome or Safari browser, you will be prompted to select a certificate to use for authentication each time you open your browser. This is true even if you have only one certificate installed on your computer. Select the certificate that represents your Cardinal Key.

select a certificate to use for authentication

If you choose a certificate that is not a valid Cardinal Key the page will not load and you'll get an error message.

Note for Mac users: The first time you use a Cardinal Key with Chrome or Safari you may be prompted to sign in to  your keychain. Enter you computer admin password and click Always Allow. You should not see this prompt again.

log in to your keychain with your computer admin password

Use a Cardinal Key for VPN authentication

Connecting to the Stanford VPN with a Cardinal Key eliminates the need to authenticate with your SUNet ID, password, and two-step authentication.

  • Configure your device to connect to the Stanford VPN.

Cardinal Key VPN connections are split-tunnel. This means that all stanford.edu traffic goes through the VPN connection but non-Stanford traffic flows normally on an unencrypted internet connection.

Last modified