Configuring basic environments

Configure how device users are verified when they sign in to Knox Manage. You can also configure the required environments to use certain types of devices.

Setting the user authentication method

Set up the authentication method for when device users sign in to Knox Manage on their mobile devices.
To set the authentication method, complete the following steps:
  1. Navigate to Setting > Configuration > Basic Configuration, and then click Authentication Setting at the bottom of the page.
  2. In the “Authentication Setting” window, select the authentication method.
  • Automatic: Verifies the device users using the default method provided by Knox Manage. Locally registered users will use their user ID and password saved in the Knox Manage server. Synchronized users will use their user ID and password imported by AD/LDAP synchronization.
  • Manual: Customizes the authentication method by user type.
  3. If you selected Manual, select the authentication method by user type.
  • Sync User Authentication Settings: Select the authentication method for synchronized users.
    Authenticator:
      • globalEmmAuthenticator: Uses the user ID and password saved in the Knox Manage server.
      • globalLdapAuthenticator: Uses the user ID and password imported by AD/LDAP synchronization.
      • globalLdapServiceAuthenticator: Uses the user ID saved in the Knox Manage server and the password imported from the AD/LDAP server accessed by a directory service.
    LDAP Service ID: If you selected globalLdapServiceAuthenticator, enter the directory service ID to use for accessing the AD/LDAP server.
  • Local User Authentication Settings: Select the authentication method for locally registered users.
    Set identical to the Sync User Authentication Settings: Uses the same authentication method as set in the “Sync User Authentication Settings” section.
    Authenticator:
      • globalEmmAuthenticator: Uses the user ID and password saved in the Knox Manage server.
      • globalLdapAuthenticator: Uses the user ID and password imported by AD/LDAP synchronization.
      • globalLdapServiceAuthenticator: Uses the user ID saved in the Knox Manage server and the password imported from the AD/LDAP server accessed by a directory service.
    LDAP Service ID: If you selected globalLdapServiceAuthenticator, enter the directory service ID to use for accessing the AD/LDAP server.
  4. Click Save.

Configuring Android Enterprise environments

To use Android Enterprise devices, you must register Samsung Knox Manage as the EMM provider in the Google Play Console and configure the basic environment of Managed Google Play, which is the digital distribution platform for Android Enterprise.
To configure the Android Enterprise environments, complete the following steps:
  1. Navigate to Setting > Android > Android Enterprise.
  2. Click Register EMM.
  • The Google Play Console will appear.
     1. Sign in to the Google Play Console using your Google account.
     2. Create a Managed Google Play account and register Samsung Knox Manage as the EMM provider.
  • When registration is finished, the Managed Google Play account information and Google API settings will appear on the Admin Portal’s “Android Enterprise” page.
  3. On the “Android Enterprise” page of the Admin Portal, select the layout of Managed Google Play.
  • Basic Store Layout: When users access Managed Google Play on their devices, the applications are displayed without categorization.
  • Advanced Store Layout: When users access Managed Google Play on their devices, the applications are displayed in the categories you set when adding applications in Knox Manage.
Note
You can configure the categories for the Managed Google Play layout in Application > Manage Category.
  4. Select the auto-update condition of the applications to be assigned to the devices.
  • Update on Wi-Fi only: The applications will be automatically updated only when a Wi-Fi network connection is available.
  • Allow user to configure: The applications will be updated only when the user authorizes the update.
  • Always auto update: The applications will be automatically updated when any network is connected.
  • Never auto update: The applications will not be updated.
  5. Click Add & Approve next to Knox Service Plugin Application to add and approve it.
Note
To use the Knox Service Plugin agent properly, you must update the Knox Manage Agent to V19.12 or higher. If the Knox Service Plugin agent is installed on a device with a version of Knox Manage Agent lower than V19.12, you may not be able to receive app feedback in the event of policy changes.
  6. Click Save.

Deleting EMM provider information

To delete the registered EMM provider information from Knox Manage, complete the following steps:
  1. Navigate to Setting > Android > Android Enterprise.
  2. On the “Android Enterprise” page, click Unregister EMM.
  • The information registered on the Google Play Console will be deleted, and the user will no longer be able to use the device as an Android Enterprise device.
  • Deleted EMM provider information can be restored by re-registering it within 30 days.

Permanently deleting EMM provider information

To delete the registered EMM provider information permanently, complete the following steps:
  1. Sign in to the Google Play Console (https://developer.android.com/distribute/console).
  2. Click Delete Enterprise.
  • All the information will be deleted within 24 hours and cannot be restored.

Setting an APNs certificate (iOS only)

Apple Push Notification service (APNs) is required to control iOS devices with Knox Manage. An APNs certificate is valid for one year. If the certificate is expired, you cannot send device commands to iOS devices. For more information about APNs, see https://developer.apple.com/library/content/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/APNSOverview.html.
To activate APNs, you must register an APNs certificate. The APNs certificate registration requires three actions:
  Step 1: Receive a Certificate Signing Request (CSR) file from the Admin Portal.
  Step 2: Receive an APNs certificate from Apple.
  Step 3: Upload the certificate to the Admin Portal.
To register an APNs certificate, complete the following steps:
  1. Navigate to Setting > iOS > APNs Setting.
  2. On the “APNs Setting” page, click Generate Request at the bottom of the page.
  • A signed CSR file will be downloaded to your PC.
  3. Visit the Apple Push Certificate Portal (https://identity.apple.com/pushcert) and sign in using your Apple account.
  • If you do not have an Apple account, visit the Apple website (https://appleid.apple.com) and create your account. It is recommended to create a new account for business use because the account will be continuously used for renewing the APNs certificate.
     1. Click Create a Certificate.
     2. Read and accept the terms of use.
     3. On the “Create a New Push Certificate” page, click Choose File.
     4. Select the downloaded CSR file and click Upload.
     5. On the “Confirmation” page, click Download.
  • The APNs certificate will be downloaded to your PC as a PEM file.
  4. On the “APNs Setting” page of the Admin Portal, click Upload APNs Certificate.
     1. In the “Upload APNs Certificate” window, click and select the downloaded PEM file.
     2. Click Save.
Note
  • You can download the registered APNs certificate by clicking Download APNs Certificate.
  • If you have issued an APNs certificate with an external CSR file, you can import the certificate by clicking Import APNs Certificate.

Renewing an APNs certificate

The existing APNs certificate can be renewed before the expiration date. The renewal process is the same as the process for new registration.
When renewing the existing APNs certificate, you must use the same Apple ID that you used to create the certificate.
Note
Users do not need to reinstall the Knox Manage Agent after certificate renewal.
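
The expiry and renewal constraints described above can be checked on the downloaded PEM file before it is uploaded. The following shell functions are an added example, not part of Knox Manage or its documentation; the function names, the 30-day default window, and the assumption that the push topic is carried in the UID attribute of the certificate subject are this example's own.

```shell
#!/bin/sh
# Added example: checks on an APNs certificate PEM before uploading it.
# Assumptions: the 30-day default window, and that the push topic sits
# in the UID attribute of the certificate subject.

# Print OK, EXPIRING, EXPIRED or INVALID for a PEM certificate.
# $1 = PEM file, $2 = warning window in days (default 30)
apns_cert_status() {
    if ! openssl x509 -in "$1" -noout >/dev/null 2>&1; then
        echo INVALID
        return 1
    fi
    window=$(( ${2:-30} * 86400 ))
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED
    elif ! openssl x509 -in "$1" -noout -checkend "$window" >/dev/null 2>&1; then
        echo EXPIRING
    else
        echo OK
    fi
}

# Print the UID attribute of the certificate subject (empty if absent).
apns_cert_topic() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^UID=//p'
}

# Succeed only when the renewed certificate is valid and keeps the topic
# of the certificate currently registered in the Admin Portal.
# $1 = current PEM, $2 = renewed PEM
apns_renewal_ok() {
    [ "$(apns_cert_status "$2" 0)" = OK ] || return 1
    old=$(apns_cert_topic "$1")
    new=$(apns_cert_topic "$2")
    [ -n "$old" ] && [ "$old" = "$new" ]
}
```

Run `apns_cert_status` on a schedule against the file obtained with Download APNs Certificate, and run `apns_renewal_ok` on the current and the newly issued PEM before clicking Upload APNs Certificate.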

Setting the SEG profile (Galaxy devices only)

Samsung Enterprise Gateway (SEG) is a cloud-based facility which provides communication between the MDM and the mobile devices running Universal MDM Client (UMC). Samsung Galaxy devices are equipped with UMC, which enables directly installing Knox Manage on the devices and enrolling them in the Admin Portal. To use SEG, you must connect Knox Manage to the SEG server by configuring the SEG profile.
To set the SEG profile, complete the following steps:
  1. Navigate to Setting > Configuration > Basic Configuration, and then click SEG Profile Setting at the bottom of the page.
  2. In the “SEG Profile Setting” window, view the profile information and modify it if necessary.
  • Profile ID: The retrieved SEG profile ID is displayed.
  • Profile Name: Enter the profile name.
  • Tenant ID: Tenant ID to be linked with the SEG profile. The tenant ID registered on the Knox Manage server is displayed.
  • Domain: Enter the email address domain if necessary. The domain will be mapped with the user email addresses and used as the domain of the email address in the user invitation message.
  • SEG Region: Select the same region as the one registered on the Knox Manage server.
  • EMM Client APK: The download URL for the APK file of the Knox Manage Agent. The retrieved URL is displayed.
  • EMM EULA: The EULA for getting the users’ agreement to the collection of their personal information when they enroll the devices through direct installation. The retrieved EULA is displayed.
  • Additional EULAs: Enter the URLs of additional EULAs to show to users.
  3. Click Save.