
Samsung Knox Mobile Enrollment

What is Samsung Knox Mobile Enrollment?

Samsung Knox Mobile Enrollment (KME) allows IT administrators to quickly and efficiently enroll large quantities of corporate-owned devices without manually configuring each one. End users just have to power on the devices and connect to the network to enroll in MDM. That means there’s minimal risk that users may enter incorrect information or select the wrong settings. Moreover, unauthorized devices cannot join your MDM environment, so your network and data are better protected.

What are the key features of Knox Mobile Enrollment?

  • Bulk enroll devices: Add thousands of devices to your MDM at once.
  • Automatic installation and activation: As soon as the employees receive their device and power it on, the device automatically installs the required software and applies the security settings and configurations provisioned by the enterprise via the MDM client.
  • Auto re-enrollment: Once a device is enrolled, the MDM software will always be reinstalled even if the device is erased and factory reset.
  • Supports multiple MDM configurations per account: Organizations with a complex MDM environment can quickly set up thousands of devices and connect them with the right MDM profile using Knox Mobile Enrollment.

What are the requirements for Knox Mobile Enrollment?

  • A Samsung account.
  • A Knox portal account.
  • Samsung Knox devices running Knox version 3.0 or higher.
  • A Mobility Management provider supporting the Knox Mobile Enrollment program.
  • A KME supported browser (Internet Explorer, Firefox, and Chrome).
  • The correct firewall exemptions needed to extend beyond your local and protected network domain and securely connect to the Knox Mobile Enrollment server.

How to create a Samsung account?

  1. Go to the Samsung account creation page.
  2. Click on Create account.
  3. Go through the terms and conditions and Agree.
  4. Enter your Email/Phone number, Password, First name, Last name and DOB. Carefully enter the answer for the security question you have chosen and click Next.
  5. To activate the account, follow the link sent to the email address you provided, or verify using the code sent to the phone number you provided.

How to create a Knox Portal account?

  1. Go to the Knox Mobile Enrollment page.
  2. Navigate to the top right corner and click on Get Started.
  3. Enter your work email address under Business email. Keep in mind that personal email accounts, such as Gmail and Hotmail, are not accepted.
  4. Select the Knox solution that best fits your requirements from the following options: Knox Suite, Knox Configure, Knox Guard, Samsung Care + for Business, or Other Products & Services. If you wish to access individual Knox Suite services, such as Knox Mobile Enrollment, choose Knox Suite.
  5. Create a Samsung account if one associated with the work email address doesn’t already exist.
  6. A verification email will be sent; once verified click Next.
  7. Verify your Samsung account details and optionally set up two-step verification, then click NEXT: COMPANY INFO.
  8. Provide your company’s details. Note that the location you select here determines whether your account is connected to the US or EU server. The US server corresponds to the Americas, while the EU server corresponds to the rest of the world. Afterward, click on NEXT: AGREEMENT.
  9. To proceed, agree to the terms and conditions by clicking on the AGREE button. This will submit your application for Knox services.
  10. Your application will undergo review, and you will receive an email notification once your company is approved for Knox services.

How to enroll and configure devices in your KME portal?

Knox Mobile Enrollment profiles simplify the process of enrolling Android Enterprise devices, whether fully managed or with a work profile, into your EMM solution.
There are three steps by which you can complete Knox Mobile Enrollment:

Step 1: Create a profile.

Step 2: Add devices to your portal.

Step 3: Configure and assign devices to a profile.

Step 1: Create a profile

  • Sign in to your Knox Portal account.
  • Select the Profiles option from the left-hand Knox Mobile Enrollment menu.
  • Complete the following 4 steps to create the profile.
  1. Basic info
    • Profile name: – Specify the name of the profile. It’s a required field.
    • Profile description: – Add a description for the profile (optional).
    • Company name: – Specify your organization name here. This will be shown at the time of device enrollment.
    • Support email: – Enter an email address that users can contact in case they need support. This will be shown at the time of device enrollment.
    • Support phone number: – Enter a phone number that users can contact in case they need support. This will be shown at the time of device enrollment.
    • After filling out the details, click NEXT.
  2. EMM info
    • Pick your EMM: – Select a supported EMM or enter their name. Select the option Hexnode For Work for Hexnode.
    • EMM agent APK: – Provide a downloadable link for the EMM application that the device will be enrolled in. The URL to the APK is auto-filled on selecting Hexnode For Work.
      If the EMM APK is privately hosted on an intranet server, select the corresponding option, This EMM APK is privately hosted on an intranet server, then provide the Admin component name, the Admin package signature checksum (for sample admin component name and admin package checksum values, see the admin guide), and the EMM app name, and upload the App icon.
    • Specify an EMM server URI: – Depending on your EMM, you might need to provide a specific server URI. Enter the EMM server URL of your Hexnode UEM portal to which the devices get enrolled. For example, ‘https://yourportal.hexnodemdm.com’.
    • After filling out the details, Click NEXT.
  3. Configure

    These standard settings are optional features you can add to your profile to customize what the devices can do during and after enrollment.

    • DPC extras for: – Define custom configurations using JSON for DPC app during enrollment.

    To configure either mode, copy the appropriate JSON (JavaScript Object Notation) string from Enroll > Platform-Specific > Samsung Knox in the Hexnode UEM portal and paste it into the ‘DPC extras for’ section of the Knox profile. This enables Hexnode UEM to identify and implement the custom configuration specified in the JSON data.

    In Knox Mobile Enrollment, you can include Custom JSON data to specify the management mode

    • QR code for enrollment: – To enroll a device using a QR code, click Add A QR CODE to begin setting up the QR code enrollment.
      1. Choose whether to allow QR code enrollment for devices that were not uploaded by a reseller.
      2. Select one of the following options for including Wi-Fi data in the QR code:
      • Don’t add Wi-Fi network credentials to QR code to create a QR code with no network data.
      • Add Wi-Fi network configuration to the QR code to include security data and proxy traffic gateway information within the generated QR code content. Specify the SSID name and select the type of Security for the network.
    • System apps: – Choose whether device users can access pre-installed apps, which may vary based on the OS version and carrier.
    • Enrollment screens: – Select whether to skip different steps (setup screens) during enrollment.
    • Privacy Policy, EULAs, and Terms of Service: – Add End User License Agreements, Terms of Service, or other user agreements that users must acknowledge before using the device.
    • Root and intermediate certificates: – Select a root or intermediate certificate to install on devices during enrollment. Supported on Android 9 or higher. Supported file types are .cer, .pem, .crt, .der and .ca-bundle.
    • DualDAR: – To enhance the security of KME data, you can enable Dual DAR (Data-at-Rest) encryption. This feature applies two layers of encryption to the data, even when the device is powered off or in an unauthenticated state. Once Dual DAR is enabled, you also have the option to integrate a third-party cryptography app by adding its package and signature for additional protection.
    • Advanced settings are available to have more control over your devices with advanced features.
    • Lock compromised devices: – To safeguard against information security breaches in the event of device loss or theft, you can remotely lock devices via the Knox Mobile Enrollment console.
      • Select Lock Device to automatically lock any device that has not been enrolled in an EMM by a specified date. You can set a timeframe between 1 and 30 days (default is 7 days). Choose Immediately Lock the Device to enable Knox Mobile Enrollment to lock a device as soon as it is enrolled, if it is detected as rooted or running unofficial firmware.
      • You can customize the lock screen message displayed on the device when it is locked or choose to use the default message provided. Additionally, you can specify a contact phone number for device users to reach out to if the device is locked.
    • Install apps: – To streamline the enrollment process, add apps to automatically install when a device is enrolled.
  4. Review
    • Check the Basic info, EMM info, and Configure settings and click on CREATE.

Note:


Advanced profile settings are exclusively accessible with a valid Knox Suite license. Device enrollment will still take place without this license, but you won’t have access to advanced settings.

You can edit the profile any time by clicking on the profile name and delete the profile by selecting the profile and clicking ACTIONS > Delete profile.

Step 2: Add devices to your portal

Sign in to your Knox Portal account. There are two options by which you can add device information:

  1. Reseller Devices – When a device is purchased from a reseller, they can automatically upload it to your account. The devices will appear in Devices > Uploads. For this, you must register your participating Samsung device reseller.
    1. Select the Resellers option from the left-hand navigation menu.
    2. Click on Register reseller.
    3. Contact the reseller to obtain their Knox Reseller ID. Once you have the Reseller ID, enter it and click on LOOKUP. The reseller’s details will then appear under Reseller found.
    4. Click REGISTER to proceed.
    5. To automatically accept all existing and future device uploads from this reseller, navigate to Auto Approval and select Automatically approve all uploads from this reseller. Then, under Auto Assign Profile after Approval, choose a default profile and license to assign to devices uploaded by this reseller after they are manually or automatically approved.
    6. Once configured, click SAVE.
  2. Knox Deployment Application – To enroll devices not purchased from an approved reseller there is a Knox deployment application.

    Steps:

    1. Download the Knox Deployment Application from the Google play store on any compatible device. Download from this link – Knox Deployment app.
    2. Launch the app and sign in using the Knox portal username and password. When you log in for the first time a welcome screen will be displayed for assisting you.
    3. Click on Profile. All profiles will be listed, or you can select Knox Mobile Enrollment profiles in particular. Choose the profile you want to associate with your devices.
    4. Choose a Deployment mode. Here you have 3 options: Bluetooth, or Wi-Fi Direct.

      Bluetooth

      • Select Bluetooth as the device deployment mode.
      • Wi-Fi configuration – By configuring Wi-Fi for deployed devices, you can send a network configuration to the device so that it can connect to the network.
        • Click on Wi-Fi for deployed devices > Allow.
        • Choose a network from the list or add one.
        • Type in the password and click OK.
        Note:

        Wi-Fi configuration will work only with gesture-based deployment on devices running Knox 3.2 and higher.

      • Click on Start deployment.
      • Set the Bluetooth duration, which is 30 minutes by default, and check the Accept automatically option to automatically accept pairing requests from devices to be enrolled.
      • Click OK > Start Deployment.
      • Follow the onscreen instructions and enroll the device.
      • Click on Finish deployment from the app.

      The device will be listed in the Knox portal with the tag Bluetooth.

      Wi-Fi Direct

      • Select Wi-Fi Direct as the Deployment mode.
      • Select Wi-Fi direct Setting : Choose whether the Wi-Fi direct connection is automatic or manual.
        • Accept manually : Requires the user to enter a generated PIN every time a connection is requested from an enrolling device.
          • Select Accept Manually from Select Wi-Fi setting.
          • Note down the PIN which is required for manual connection and tap Connect before the countdown expires.
          • An Accept sharing request screen appears prompting for the PIN before the countdown expires. Type the PIN and Click on Accept.
          • The enrollment information will be sent to the enrolling device via the newly established Wi-Fi direct connection.
          • Click on Finish deployment once it’s done.
        • Accept automatically : Automatically accept connection requests from enrolling device.
          • Select Accept automatically from Select Wi-Fi setting.
          • Tap Connect before the countdown expires.
          • The enrollment information will be sent to the enrolling device via the newly established Wi-Fi direct connection.
          • Click on Finish deployment once it’s done.

        Note:


        Wi-Fi Direct will work only with gesture-based deployment on devices running Knox version 3.2.1 and higher.

Step 3: Configure and assign devices to a profile

Note:


Hexnode supports the ‘Username Passthrough’ feature offered by KME to authenticate and enroll a device with minimal user interaction. You can optionally configure Username Passthrough while assigning profiles to devices.

To assign a profile to a single device:

  1. Select the Devices option from the left-hand navigation menu.
  2. Click on the required device.
  3. Fill the following fields on the device details window:
    • Profile: Assign a profile to the device.
    • Tags: Add relevant tags to categorize devices and easily search for them.
    • User ID: Enter a user ID if you wish to set up Username Passthrough for the device.
  4. Click Save.

To assign an MDM profile to a single device, navigate to the Device Details page in the Knox Admin Portal

To assign a profile to more than one device:

  1. Select the Devices option from the left-hand navigation menu.
  2. Check the required device(s) > Click on Actions > Configure Devices.
  3. Configure the following fields in the window that pops up:
    • Modify the profile of selected devices: Assign a profile to the selected device(s). In addition, there are two other options which you can choose:
      • Keep current profiles – Select to keep the existing profile assignments for each device.
      • Clear profiles – Select this option to remove the existing profile assignments.
    • Add tags to selected devices: Add relevant tags to categorize devices and easily search for them. If the “Overwrite existing tag” checkbox is selected, any existing tags on the device will be replaced with the tags added here.
    • User credentials: Configure user credentials to set up Username Passthrough functionality for the selected devices. Choose any of following options:
      • Keep current credentials – Select this option to use the existing user credentials.
      • Clear user credentials – Select this option to clear the existing credentials.
      • Overwrite user credentials – Select this option to provide new credentials.
  4. Click Save.


To assign profiles in bulk

  1. Select the Devices option from the left-hand navigation menu.
  2. Select the necessary devices and download the device information as a CSV file. Modify the file by adding User ID information to the right of Device ID. You can also add passwords in the next column if needed.
  3. Click on BULK ACTIONS > ASSIGN USER CREDENTIALS AND PROFILE.
  4. Upload the edited CSV file.
  5. Modify the profile of the selected devices and overwrite existing tags if needed.
  6. Click Submit.


How to add device users to your KME portal?

To add a new device user

  1. Select the Device Users option from the left-hand navigation menu.
  2. Click add device users.
  3. Enter User ID and Password > Click on Add.


To edit and update the details of an already existing user

  1. Select the Device Users option from the left-hand navigation menu.
  2. Click on the user and edit the details.
  3. Update the details > Save.


You can remove an already existing user

  1. Select the Device Users option from the left-hand navigation menu.
  2. Select the check box of the required device user.
  3. Go to Action > Delete Device Users.
  4. A pop-up appears. Select Delete.

Importing a device user

You can upload a group of user credentials to assign them to your devices in the future. To include user credentials in the device list, create a CSV file with one row (line) per device (with a maximum limit of 10,000 devices/rows).

  1. Select the Device Users option from the left-hand navigation menu.
  2. Select the check box of the required device user.
  3. Click on Add Device Users and click add multiple device users.
  4. Refer to the instructions for creating a CSV file. Select Got it when you are done reading the instructions.
  5. Upload the CSV file > Submit.
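
A pre-upload check for the credentials CSV used in the bulk profile assignment and device user import steps above. This is an added example, not part of the original article or of Samsung's or Hexnode's tooling. It assumes column 1 is Device ID, column 2 is User ID and column 3 is an optional password; the function name, the header option and the sample device IDs are hypothetical.

```python
import csv
import io

MAX_ROWS = 10_000  # row limit stated on this page


def check_credentials_csv(text, has_header=False):
    """Return a list of (line_number, problem) for a KME credentials CSV.

    Assumed layout: Device ID, User ID, optional password. Problems carry
    line numbers only, so passwords in the file are never echoed to logs.
    """
    problems = []
    seen = {}  # Device ID -> line where it first appeared
    rows = list(csv.reader(io.StringIO(text)))
    if has_header:
        rows = rows[1:]
    offset = 2 if has_header else 1
    data_rows = 0
    for i, row in enumerate(rows):
        line = i + offset
        cells = [c.strip() for c in row]
        if not any(cells):
            continue  # skip blank lines
        data_rows += 1
        cells += [""] * (3 - len(cells))  # pad short rows
        device_id, user_id = cells[0], cells[1]
        if not device_id:
            problems.append((line, "missing Device ID"))
        elif device_id in seen:
            # One row per device: a repeat would silently overwrite credentials.
            problems.append(
                (line, f"duplicate Device ID (first on line {seen[device_id]})"))
        else:
            seen[device_id] = line
        if not user_id:
            problems.append((line, "missing User ID"))
        # Stray spaces become part of the stored user ID or password.
        if any(c != r for c, r in zip(cells, row)):
            problems.append((line, "leading or trailing whitespace"))
    if data_rows > MAX_ROWS:
        problems.append((0, f"{data_rows} rows exceeds the {MAX_ROWS}-row limit"))
    return problems


# Constructed sample rows (device IDs and users are made up).
SAMPLE = (
    "R58N000AAAA,alice@example.com,\n"
    "R58N000BBBB,,hunter2\n"
    "R58N000AAAA,bob@example.com,\n"
    "R58N000CCCC, carol@example.com,\n"
)

if __name__ == "__main__":
    for line, problem in check_credentials_csv(SAMPLE):
        print(f"line {line}: {problem}")
```

Because the file can hold passwords in plain text, keep it off shared drives and delete it once the upload is submitted.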
