Android Enterprise VI: Knox Mobile Enrollment

Require Pending Enrollment Generation

In case you want to ensure that users or administrators must generate a One Time Password first on any second device, keep the MDM Configuration field empty. In this case either administrators can initiate the enrollment from the Silverback Management Console with the Provision or Bulk Provision User functionality or users are required to start the enrollment process through the Self Service Portal upfront or at the out-of-the-box experience with a second device. During the device enrollment setup, the device will download the Matrix42 Companion and users are required to enter their enrollment credentials inside the Matrix42 Companion. In any case users are required to receive their enrollment information upfront or at least at the time when they have to enter their credentials inside Matrix42 Companion.

Start with Self Service Portal

These option grants the possibility to add in the configuration field the address of your Silverback Self Service Portal, so that users will be forwarded directly to the Self Service Portal inside the Companion during the enrollment and finish the enrollment with Local User Accounts, Active Directory or Azure Active Directory credentials.

For this, adjust and add the MDM Configuration field with the following custom configuration: 

{"server_url":"https://silverback.imagoverum.com"}

Bulk Enrollment with a Service Account

You can use this mechanism to provide a fully authenticated device enrollment for non-personalized devices in combination with the Bulk Staging Mode. For this, adjust and add the following custom configuration into the MDM Configuration field: 

{"server_url":"https://silverback.imagoverum.com","user_name":"tim.tober@imagoverum.com","otp":"4444"}

Bulk Enrollment with individual accounts

This option lets you fully automate the authentication process for users inside the Matrix42 Companion application with a bulk configuration. Administrators can use the Bulk Provision User functionality in Silverback and upload a *.csv file containing device identifiers (IMEIor Serial Number) from the Knox Mobile Enrollment portal and authentication information from Silverback (Usernames + One Time Passwords). During the process, each device will receive the authentication information stored in the Knox Mobile Enrollment portal based on the created authentication information in Silverback and based on the uploaded *.csv file. Please refer to Bulk Enrollments with Samsung Knox Mobile Enrollment for additional information

Single Enrollments with individual accounts

Another option is to create in Silverback a single pending enrollment with the Provision User functionality and take and add the Username and One Time Password by opening the device information in the Knox Mobile Enrollment portal. After opening the device information, you can add the User ID value with the corresponding Silverback Username and the Password with the generated One Time Password in Silverback.

Knox Deployment

• Press Bluetooth
• Select the Bluetooth Duration and accept pairing  requests automatically (optional)
• Press OK

Target Device

• On target devices enable Bluetooth and open https://me.samsungknox.com
• Press Next
• Press Update 
• Press Next
• Confirm with Next
• Confirm Samsung Knox Privacy Policy with Next
• Press Reset to start the factory wipe

Knox Mobile Enrollment

• Meanwhile navigate back to Knox Mobile Enrollment
• Navigate to Devices 
• Select All Devices
• You should now see your newly added device 

Target Device

• After the factory wipe start with the out-of-the-box experience and
  • Acknowledge the unauthorized attempt
  • Press OK
  • Connect to your Wi-Fi
• Follow the instructions given by the operating system and enroll your device to Silverback
• After the successful enrollment perform a factory wipe of the device
• Perform the process again and you will recognize that the device is now linked successfully to the Knox Mobile Enrollment