In our environment, we use Cisco AnyConnect VPN. People don't have local admin rights to their Macs and initially when people connect, a prompt is shown for system keychain to access from within AnyConnect in order for it to work for them. We do have user certs as well.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.