Enroll Knox Devices
Enrolling Devices is the first stage in managing a mobile device, this document will explain you in detail about various steps involved in enrolling Samsung Knox devices.
- On the web console, navigate to Enrollment
- Click Enroll Device and fill in the appropriate information
- Domain Name: Choose the Domain Name from the drop down, if you do not have any domain name, select Default Workgroup
- User Name: Enter the user's name whose device needs to be enrolled.
- Email address: It is mandatory to enter the e-mail address of the user who will receive the enrollment request.
- Platform: Specify the platform from the drop down menu, as Android.
- Owned By: Owner of the device either Corporate or Personal.
Note: Corporate Samsung devices running Android 11.0 or above can not be enrolled using this method.
- Assign to Group: Specify the group to which the device should be added. If you select an existing group from the drop down, then the newly added device will automatically get all the Apps and profiles which were already distributed to the group. By doing so you can automate the process of imposing the minimum required restrictions and Apps to all the newly added devices.
- If required, enable the check box stating "Automatically distribute license if it is a Knox enabled device", which is displayed. This will make license distribution as automatic for Knox devices enrolled henceforth.
- Click Enroll to enroll the device.
If you add a new group name, then a new group will be created and the device will be added to it.
(Applicable only for MDM On-Premises) Ensure that you configure your Proxy settings, and the mail server settings, so that you the user can receive the email with the OTP.
End users will receive an e-mail with the enrollment instructions and the link to enroll the devices. Based on the authentication policy defined for enrollment, users will be receiving the OTP. Users need to manually install the MDM profile by clicking on the enrollment request. All enrolled devices will be listed in the Devices Tab in the Mobile Device Manager Plus console under Groups and Devices.
Enrolling additional devices for same user
You can enroll multiple devices for the same user. In case a user has more than one mobile device that needs to be managed, you can enroll those devices by following the steps mentioned below;
- On the web console, navigate to Enrollment
- Under Enrollment tab choose the User Name to whom you wanted to enroll the additional device
- Under Actions click button
- Specify the Platform as iOS or Android
- Specify the Owned By type as Corporate or Personal and click Enroll
The mail to enroll additional device would be sent to the specified user.
This option facilitates you to enroll many devices at the same time. You can simply create a csv file with the User Name, Domain Name, Email, Platform and Owned by details and upload the same. Multiple entries should be in separate lines. Refer the below mentioned csv file for example,
Sample CSV Format
- The CSV file should contain the following fields: User Name, Domain Name, Email Address, Platform Type, Owned By, Group Name and UDID.
- UDID is applicable only for iOS devices
- The fields User Name, Email Address and Platform Type are mandatory. All the other fields are optional. If not provided, default values are taken.
- The default values for various non-mandatory fields are:
Domain Name -- MDM
Owned By -- Corporate
Group Name -- Default Group for given Owned By & Platform Type.
- The first line of the CSV is the column header and the columns can be in any order.
- Blank column values should be comma separated.
- If the column value contains comma, it should be specified within quotes.
Follow the steps mentioned below, to enroll devices through Bulk Enrollment.
- On the web console, navigate to Enrollment
- Click Bulk Enrollment. A window opens, click Browse to upload the created CSV file and Import the same
Enrollment mail will be sent to all the users listed in the csv file. ;/li>
Enrollment Process on Knox devices
The users, upon receiving the enrollment requests, can enroll their device as mentioned below:
User needs to copy the Server Name, Port Number and OTP given in the e-mail. On the user's device an ME MDM App that has been exclusively designed for SAFE and Knox devices will be downloaded. ME MDM App for SAFE and Knox devices has advanced management capabilities unlike normal android devices.
- Users will receive a mail for enrollment and will have to click on the link in the e-mail, to start the enrollment process.
- Mobile Device Manager Plus will recognize the device as normal android device, SAFE device or Knox device including the version of Android (Android 4.2 and above or below), then the user will be automatically directed to the App's PlayStore page and the appropriate App for Knox (ME MDM App for Android 4.2 and above) can be downloaded. If Mobile Device Manager Plus is unable to identify the device, user will be provided with a link which explains the list of SAFE and Knox devices. User can refer to the link and then choose to download the appropriate App. The ME MDM App for Android 4.2 and above is designed to manage Knox devices. On choosing to download the appropriate App, the user will be directed to the App's PlayStore page from which the App can be downloaded.
- Users will have to enter the name of the certificate as ME MDM and click OK
- App can be downloaded by clicking on Download
- Once the download becomes successful, users will have to click on the downloaded ME MDM App to install it.
- After the installation completes, users should open the App.
- Then the users need to provide the One Time Password (OTP) or Active Directory/Azure credentials after opening the app. This depends on the authentication type. If two factor authentication is enabled, then users will have to provide both the OTP and the AD/Azure credentials.
- Users should accept the Terms and Conditions by clicking Continue
- Next, the users should enable Device Administrator on their mobile device and click Activate
- Now, the users can see that their devices have been enrolled successfully.
When a device gets enrolled, the user will receive an App Catalog from where apps distributed through Mobile Device Manager Plus can be installed. Administrators will also be notified that a new user has enrolled the device. If any specific profiles or Apps were distributed to the group where the device is enrolled, then the newly added device will automatically receive all the applied profiles and distributed Apps.
ME MDM App icon will be listed on all enrolled mobile devices. By clicking the MDM App icon, MDM App opens and the end user can see the distributed Apps and associated profiles listed here. Profiles that are associated to the devices will be listed under Policies and Restrictions. Device Details will provide the complete information about the device.
Also, an exclusive Knox container is created within the mobile device. By clicking the Knox container icon, the user can access the Policies and Restrictions page on the Container. On clicking Create Knox Container, the user will be prompted to accept the Terms and Conditions in the License Agreement. For Knox v1.0 devices, the downloading process of Knox Container will be initiated. This can take awhile and then the user will be directed to set a Password for the Container. For other Knox devices, the user will be automatically directed to the Password setting page. This password is used to unlock and access the Knox Container to view corporate resources. The user Apps that are distributed by Mobile Device Manager Plusfor the Knox container can be accessed by clicking "Apps" icon within the container. By clicking the "Personal home" icon, the user can exit the Knox container and view the personal data and apps in the device.
We have made your job simpler!
Learn how to perform out-of-the-box Samsung Knox Mobile Enrollment using MDM, in under 5 minutes through this demo video.
- What is Samsung Knox?
- What are all the Knox supported devices?
Samsung Knox is a suite of enhancements designed to address the security problems in the current open source Android platform. Samsung Knox offers much enhanced security than SAFE devices and it is ideal for use in enterprises that require high level security. It enables to secure and segregate the personal and corporate data of users by creating an exclusive container for corporate data. It also provides Application Security by allowing the segregation of Apps for personal and corporate use.
Operating Systems that support Knox include the following:
- 4.2.2+ Jelly Bean
- 4.3 Jelly Bean
- 4.4.X Kit Kat
- 5.0.X Lollipop
- 6.0.X Marshmallow
- 7.0.X Nougat
- 8.0.X Oreo
- 9.0.X Pie
In devices running Android 10.0 or later, Knox container cannot be created since a Harmonized Container will be created combining the Knox container and Android work profile.
The smartphones and tablets that support Knox are mentioned below:
- Galaxy S5 series
- Galaxy S4 series
- Galaxy S3
- Galaxy Note 3 series
- Galaxy Note 2
- Galaxy Grand 2
- Galaxy Tab series
For more details on Knox supported devices, refer to this
Knox devices can be managed by installing the ME MDM App designed for Android 4.2 and above.
Yes, only Enterprise Apps can be distributed and applied inside Knox Container.
When the Knox Container is removed, all the Apps present in the container also gets removed.