Cardinal Key troubleshooting steps
1. Ensure the device is listed in MyDevices and is compliant. If it isn't listed, see "a)" below.
2. Click on the device name and ensure there is a Cardinal Key certificate listed and the status is: OK. If a Cardinal Key is not found or the status is revoked, see "b)" below.
3. If the above is true, and the client is still getting a Cardinal Key error, confirm the device itself has a Cardinal Key certificate. See steps in "c)" below.
4. If it does, close the browser fully and re-open it.
5. Navigate to a Stanford website and try to sign in. If prompted, click the affirmative option to use Cardinal Key. If the client doesn't see a Cardinal Key prompt and they are using the Firefox browser, see the steps outlined in "d)" below.
6. Accept 2FA.
7. Confirm successful login.
a) If the device isn't in MyDevices, then it needs to be registered using SDR or MDM. Allow up to 8 hours before it appears in MyDevices.
b) Ensure Jamf (macOS/iOS), BigFix (Windows), or Intune (Android) recently checked in. If yes, then install a Cardinal Key. If the status is "revoked", then install a new Cardinal Key.
c) Check Keychain (macOS), Certificate Manager (Windows), or mobile device settings (iOS/Android) to ensure there is a Cardinal Key certificate installed locally on the device. If one is not present, then install a new Cardinal Key.
d) Check Firefox settings. Click the three bars at the top right and choose "Settings", then "Privacy & Security". Scroll down to "View Certificates...", then click "Authentication Decisions". Locate the line item "login.stanford.edu" and click on it, then click "Delete...", then click OK. Close Firefox and re-open it. Retry step #5 above from the beginning.