Samsung Knox Mobile Enrollment in Device Admin mode
Enroll corporate-owned Samsung devices through Knox Mobile Enrollment (KME) in Device
Admin (Deprecated) mode.
IT administrators can easily onboard many Samsung devices without the need for manually configuring each device. KME forces automatic enrollment when users first power on their devices and connect to a wifi or cellular network.
- Samsung devices in Knox version 2.4 and later.
- Register for a Samsung Knox Account through this URL https://www.samsungknox.com/en#register.
- Make sure that the Samsung devices are added to the Knox Admin Portal.
Creating an enrollment configuration in the IBM MaaS360 Portal
Configure details that you want to auto-populate for users during the enrollment. After you create the enrollment configuration, IBM® MaaS360® generates the JSON file and IBM MaaS360 for Android agent app URL. Enter the IBM MaaS360 for Android agent app URL and upload this JSON data to the Knox Admin Portal. This data is then pushed to the device during the enrollment process to minimize the need for user interaction.
- From the IBM MaaS360 Portal home page, select and then select Samsung Knox Mobile Enrollment (Device Admin).
- On the Samsung Knox Mobile Enrollment (Device Admin) window, enter the
following fields.
Option Description Corporate ID The corporate email address associated with your MaaS360 account, as specified in the . Prompt for Device name This option enables users to enter the name of the device during the enrollment. If this option is not selected, the device ID and model number are used for the device name by default. For more information, see Assigning custom device name in MaaS360. Samsung Mobile Enrollment Profile Provide a name for your enrollment profile. The profile name must match the MDM profile name in the Knox Admin Portal. Enrollment Shared Secret The shared secret that is embedded in the configuration profile to authenticate the bulk activation request. - Click Save.
- The URL to download the MaaS360 App and the link to download the custom JSON data are displayed. Click Download to download the JSON file.
Creating an MDM profile in Knox Admin Portal
Create a Device Admin (Deprecated) MDM profile in the Knox Admin Portal to customize your device enrollment. To create an MDM profile, you need the IBM MaaS360 agent app URL and JSON data that was downloaded from the IBM MaaS360 Portal.
- Sign in to the Knox Admin Portal.
- On the Profiles page, click .
- Click the Device Admin (Deprecated) profile link under the Android Enterprise.
- Enter the following details.
Field Description Profile Name Enter a profile name. This name must match the enrollment profile name that you provided in the IBM MaaS360 Portal. EMM Information Select URI not required for my MDM. EMM Agent APK Click Add EMM APPLICATIONS and provide the URL to the MaaS360 Agent app. Note: Make sure that there are no extra spaces in the URL.Custom JSON data (as defined by EMM) Enter the JSON data from the JSON file downloaded through the MaaS360 portal. - Click Create.
Assigning MDM profile to devices in Knox Admin Portal
After you create the MDM profile, you can assign that profile to single or multiple devices that are added in your Knox Admin Portal.
- Sign in to the Knox Admin Portal.
- Go to the Devices section.
- Select all the devices that you want to assign the profile to.
- Assign a profile.
-
- Single device
- Click IMEI/MEID and select the wanted profile from the Profile list.
-
- Multiple devices
-
- Select the devices that you want to assign the profile to.
- Click .
- On the Configure selected devices window, assign a profile to the selected devices in Modify Profile of selected devices.
- Click Save.
-
User enrollment steps
After the profile is assigned to your devices, the device users are ready to enroll in to MDM. The users must power on their devices and connect to the network to initiate the enrollment process.
To find the list of Samsung devices that are secured with Knox security, see Devices Secured by Knox.