Non-Stanford devices that are managed by BigFix and compliant can use a Cardinal Key.
You can connect to the Stanford VPN using a Cardinal Key on your device to authenticate. This eliminates the need to enter your SUNet ID, password, and authentication method for two-step authentication.
You'll need to use the Cisco AnyConnect VPN client to connect to the Stanford VPN with a Cardinal Key.
Two types of Cardinal Key VPN connections are available:
- CardinalKey-VPN (split-tunnel) allows access to anything at stanford.edu via the VPN connection, but non-Stanford traffic flows normally on an unencrypted internet connection.
- CardinalKey-FullTraffic (non-split-tunnel) encrypts all internet traffic from your computer but may inadvertently block you from using resources on your local network, such as a networked printer at home. This also allows access to library journals as if you were on campus.
Before you begin
Make sure you have the following installed on your device:
Connect to the Stanford VPN using a Cardinal Key for Mac
- Launch the Cisco AnyConnect Secure Mobility Client.app.
Open your Applications folder and navigate to Cisco > Cisco AnyConnect Secure Mobility Client.app.
- Select su-vpn.stanford.edu and then click Connect.
- When prompted for the keychain password, enter your computer administrator password and then click Always Allow. You may see this prompt more than once.
- In the Group list, select CardinalKey-VPN or CardinalKey-FullTraffic and click OK.
- For users of macOS High Sierra (v. 10.13) and later: You may see a System Extension Blocked message. Click OK to open the Security Preferences or navigate to System Preferences > Security & Privacy. Next to the message saying that system software from Cisco was blocked from loading, click Allow.
- A dialog box displays showing that the CardinalKey-VPN will be used for authentication. Click OK.
Note: This step downloads the Cardinal Key profile for subsequent connections; it doesn't use the Cardinal Key for authentication on this connection.
- A notice briefly appears in the menu bar to show that you are connected to the su-vpn.stanford.edu VPN.
- Click Disconnect to disconnect from su-vpn.stanford.edu.
- From the Cisco AnyConnect client, select CardinalKey-VPN or CardinalKey-FullTraffic.
Once you have successfully connected to the Stanford VPN using a Cardinal Key, this becomes your default setting for subsequent connections to the VPN.
A notice briefly appears in the menu bar to show that you are connected to the VPN with a Cardinal Key.
Connect to the Stanford VPN without a client certificate
If you decide that you do not want to use a Cardinal Key for authentication, you can connect to the VPN using your SUNet ID and password, followed by two-step authentication. On the VPN website, see Connect to the Stanford VPN for instructions.