Cardinal Key required starting this summer

Starting in this summer Cardinal Key will be required for computers and phones accessing Stanford resources such as Axess, webmail, and Stanford’s Google Drive. To get Humanities and Sciences ready, H&S IT and CRC will be proactively reaching out to departments and programs to get Cardinal Keys installed on staff and faculty devices. 

What is Cardinal Key?

A Cardinal Key is a certificate that is saved on your computer or phone that reduces or eliminates the need to use your SUNet ID and password for weblogin and VPN. 

Who needs a Cardinal Key?

In broad terms, anyone covered by the encryption mandate (except emeritus staff and faculty) will also need a Cardinal Key. 

Affected populations

  • Staff 
  • Faculty
  • Postdoc

Sponsored affiliates and student staff may also need to use Cardinal Key.  We are working with the Information Security Office to understand how those populations will be impacted.  Emeriti (both Staff and Faculty) will not be required to use Cardinal Key.

H&S Cardinal Key Rollout

H&S IT is planning a communication campaign to get the word out about the Cardinal Key requirement. Over the course of the summer we will add H&S users to the Cardinal Key group, adding a few units each week. 

As part of new computer setups and support with CRC, consultants will remind users that Cardinal Key will be required in the future.

One key detail: the Cardinal Key requirement is for the person, not the device. If a person requires Cardinal Key, all of their devices used for Stanford work will require Cardinal Key. 

Exceptions

Cardinal Key doesn’t currently support Linux and Android. If you have a Linux or Android device in MyDevices, you will be unable to use Cardinal Key and will be added to an exception list. Those on the list will not be required to use Cardinal Key. 

Even with an exception, we encourage the use of Cardinal Key on your supported computers and phones. 

How to get a Cardinal Key

To get a Cardinal Key for your device, go to https://cardinalkey.stanford.edu/ and click on “Get  a Cardinal Key”. 

To check if your Cardinal Key is configured for use with Stanford websites, visit https://login.stanford.edu/cookie/x509 from each browser you commonly use for work (see the compatibility chart on the Cardinal Key website).

If you need help setting up a Cardinal Key, please submit a ticket.

What this means for you

While Cardinal Key may sound like it just swaps a password for something else, this is a major change in how users access Stanford resources.

For a Cardinal Key to remain active, a device must be verifiably encrypted using Stanford’s compliance software. In the past using a personal computer for Stanford work was possible without encrypting. Now Cardinal Key will be required, and, by extension, Stanford’s compliance software will be required for all systems (personal or otherwise) accessing Stanford systems.