Cardinal Key required

Starting the summer of 2021, University IT is requiring Cardinal Key for computers and phones accessing Stanford resources such as Axess, webmail, and Stanford’s Google Drive. The majority of staff and faculty devices at the School of Humanities and Sciences have Cardinal Key installed. For the remaining devices ISO, H&S IT, and CRC will proactively reach out to departments and programs to complete the installation through the rest of 2022.

What is Cardinal Key?

A Cardinal Key is a certificate that is saved on your computer or phone that reduces or eliminates the need to use your SUNet ID and password for weblogin and VPN. 

Who needs a Cardinal Key?

In broad terms, anyone covered by the encryption mandate (except emeritus staff and faculty) will also need a Cardinal Key. 

Affected populations

  • Staff 
  • Faculty
  • Postdoc

More details about who is covered by Stanford's computer security mandate is available, https://uit.stanford.edu/guide/encrypt/faq/who-is-covered-by-mandate

H&S Cardinal Key Rollout

H&S IT will work with ISO to provide communication about the Cardinal Key requirements and installation instructions for the rest of the H&S community without Cardinal Key installation.

As part of new computer setups and support with CRC, consultants will remind users that Cardinal Key will be required in the future.

One key detail: the Cardinal Key requirement is for the person, not the device. If a person requires Cardinal Key, all of their devices used for Stanford work will require Cardinal Key. 

Exceptions

Cardinal Key doesn’t currently support Linux and Android. If you have a Linux or Android device in MyDevices, you will be unable to use Cardinal Key and will be added to an exception list. Those on the list will not be required to use Cardinal Key. 

Even with an exception, we encourage the use of Cardinal Key on your supported computers and phones. 

How to get a Cardinal Key

To get a Cardinal Key for your device, go to https://cardinalkey.stanford.edu/ and click on “Get  a Cardinal Key”. 

To check if your Cardinal Key is configured for use with Stanford websites, visit https://login.stanford.edu/cookie/x509 from each browser you commonly use for work (see the compatibility chart on the Cardinal Key website).

If you need help setting up a Cardinal Key, please submit a ticket.

What this means for you

While Cardinal Key may sound like it just swaps a password for something else, this is a major change in how users access Stanford resources.

For a Cardinal Key to remain active, a device must be verifiably encrypted using Stanford’s compliance software. In the past using a personal computer for Stanford work was possible without encrypting. Now Cardinal Key will be required, and, by extension, Stanford’s compliance software will be required for all systems (personal or otherwise) accessing Stanford systems.