Samsung Knox Mobile Enrollment (KME) program

Enroll corporate-owned Samsung devices through Samsung Knox Mobile Enrollment (KME). IT administrators can onboard many Samsung devices without the need for manually configuring each device. KME forces automatic enrollment when users first power on their devices and connect to a wifi or cellular network.

Prerequisites

Creating an enrollment configuration in the IBM MaaS360 Portal

Configure details that you want to auto-populate for users during the enrollment. After you create the enrollment configuration, you can download the data in JSON format. Upload this JSON data to the Knox Admin Portal. This data is then pushed to the device during the enrollment process to minimize the need for user interaction.

Follow the steps to create an enrollment configuration.
  1. From the IBM® MaaS360® Portal home page, select Devices > Enrollments.
  2. Click Other Enrollment Options > Android > Android Device Enrollment.
  3. In the Android Device Enrollment wizard, enter the following details.
    Enrollment setting Value
    Enrollment Mode Select Samsung Knox Mobile
    Managed Google Play account type Select from the following options.
    • Device account
    • User account
    Device Management Device Owner (Dedicated device or Kiosk mode)
    Device Ownership Select from the following options.
    • Corporate Owned
      The organization owns and manages the device and they are designated to a single employee for exclusive use.
    • Corporate Shared
      The company-owned device that is shared across multiple users. When a user signs in to the IBM MaaS360 app with the corporate or local credentials, the level of access to data, applications, and features is based on the group evaluation. When the user logs out of the IBM MaaS360 app, IBM MaaS360 removes the apps and policies that are distributed to the device.
  4. Click Next.
  5. On the Samsung Knox Mobile Enrollment window, click Download to download the JSON file.

    The JSON file includes enrollment configuration for the KME enrollment.

Creating an MDM profile in Knox Admin Portal

Create an Android Enterprise MDM profile in the Knox Admin Portal to customize your device enrollment. To create an MDM profile, you need the JSON data that was downloaded from the IBM MaaS360 Portal.

Follow the steps to create an MDM profile for Android Enterprise.
  1. Sign in to the Knox Admin Portal.
  2. Select Profiles and click Create Profile.
  3. Enter the following details.
    Profile Name
    Enter a name for your profile.
    Profile description
    Enter details about the profile.
    Select solutions and services to install (required)
    Select EMM as the service.
    Contact information
    Enter the contact details of the company.
    EMM information
    Enter IBM MaaS360 as the EMM. The EMM agent APK is auto populated.
    Standard settings
    Enter the JSON string that you copied from the JSON file that is downloaded from the MaaS360 Portal in the previous steps.
  4. Review the information.
  5. Click Create profile.

Assigning MDM profile to devices in Knox Admin Portal

After you create the MDM profile, you can assign that profile to single or multiple devices that are added in your Knox Admin Portal.

Follow the steps to assign an MDM profile to devices.
  1. Sign in to the Knox Admin Portal.
  2. Go to the Devices section.
  3. Select all the devices that you want to assign the profile to.
  4. Assign a profile.
    • Single device
      Click IMEI/MEID and select the wanted profile from the Profile list.
    • Multiple devices
      1. Select the devices that you want to assign the profile to.
      2. Click ACTIONS > Configure devices.
      3. On the Configure selected devices window, assign a profile to the selected devices in Modify Profile of selected devices.
      4. Click Save.

User enrollment steps

After the profile is assigned to your devices, the device users are ready to enroll in to MDM. The users must power on their devices and connect to the network to initiate the enrollment process.

To find the list of Samsung devices that are secured with Knox security, see Devices Secured by Knox.