Android Enterprise VI: Knox Mobile Enrollment
Knox Mobile Enrollment
Samsung Knox Mobile Enrollment is Samsung's counterpart to the Apple Device Enrollment Program and/or Android Zero Touch Enrollment. Overall Knox Mobile Enrollment saves IT departments and users the tedious manual configuration of proprietary Samsung smartphones and tablets. Devices are pre-configured online with the settings desired by an Administrator. When booting for the first time, the devices check whether they are assigned a configuration and if so, they will download the (pre-configured) Matrix42 Silverback Companion app which will guide the user to finish the setup.
- IT Administrators: Can configure that new arrived devices will be automatically configured to download Matrix42 Silverback Companion
- Your company stay in control of their devices at all times - even after factory resets.
- End users, after receiving a boxed device, they just need to sign in.
Requirements
Login
- Open https://www.samsungknox.com/
- Press Sign in
- Sign in with your Samsung Account
- e.g. silverback@imagoverum.com
- e.g. Pa$$w0rd
Create a Profile
- Launch Knox Mobile Enrollment Console
- Navigate to MDM Profiles
- Click Create Profile
- Select Android Enterprise
- Enter a Profile Name, e.g. Silverback KME
- Enter a Description, e.g. Silverback Default Profile
- Under MDM Information select Force Device Owner enrollment
- Under Pick your MDM select Matrix42 Silverback
- Wait until the verification is finished
- Press Continue
Configure Profile
- Add your MDM Configuration (optional)
Please refer to Additional Enrollment Options
- Disable or Leave all systems apps enabled
- Add a Legal Agreement (optional)
- Enter your Company Name
- Click Create
Additional Enrollment Options
The Knox Mobile Enrollment grants the possibility to configure Device Policy controllers in a specific JSON format. The Matrix42 Companion application supports this mechanism from version 21.0 to remotely configure (enrollment) settings for users, which will ensure a smooth enrollment performed on the used devices. These options grants the possibility to add in the configuration the address of your Silverback Self Service Portal, so that users will be forwarded directly to the Self Service Portal inside the Companion and perform the Enrollment with Local User Accounts, Active Directory or Azure Active Directory credentials. Additionally you can use this mechanism to provide a fully authenticated device enrollment for non-personalized devices in combination with the Bulk Staging Mode.
Adjust and add the following options into the MDM Configuration field:
| Platform | Custom Configuration |
|---|---|
| Samsung Knox Mobile Enrollment | Enrollment With Self Service Portal |
{"server_url":"https://silverback.imagoverum.com"}
|
|
| Samsung Knox Mobile Enrollment | Enrollment with preset Authentication |
{"server_url":"https://silverback.imagoverum.com","user_name":"tim.tober@imagoverum.com","otp":"4444"}
|
|
Knox Deployment
Deploy Profile
- Pick a Samsung Device
This device will be your master device to add manually devices to Knox Mobile Enrollment
- Download from Google Play Knox Deployment application
- Open Knox Deployment
- Sign in with your Samsung Account
- Select Knox Service
- Select Knox Mobile Enrollment
- Select your previously create Profile
- Select Deployment mode
- Bluetooth (recommended)
- NFC
- Wi-Fi Direct
This method is used to transfer the profile to desired devices
- Select Wi-Fi for deployed devices
- Select an available network
- Enter your Wi-Fi password
- Click OK
- Press Start Deployment
Bluetooth Deployment
Bluetooth makes it possible to deploys a profile to multiple devices. As our recommended path we will guide you through the process.
Knox Deployment
- Press Bluetooth
- Select the Bluetooth Duration and accept pairing requests automatically (optional)
- Press OK
Target Device
- On target devices enable Bluetooth and open https://me.samsungknox.com
- Press Next
- Press Update
- Press Next
- Confirm with Next
- Confirm Samsung Knox Privacy Policy with Next
- Press Reset to start the factory wipe
Knox Mobile Enrollment
- Meanwhile navigate back to Knox Mobile Enrollment
- Navigate to Devices
- Select All Devices
- You should now see your newly added device
Target Device
- After the factory wipe start with the out-of-the-box experience and
- Acknowledge the unauthorized attempt
- Press OK
- Connect to your Wi-Fi
- Follow the instructions given by the operating system and enroll your device to Silverback
- After the successful enrollment perform a factory wipe of the device
- Perform the process again and you will recognize that the device is now linked successfully to the Knox Mobile Enrollment
Add a Reseller
To automate the process of adding devices to your Knox Mobile Enrollment, get in contact with your reseller and provide your Knox Customer ID.
- Open Samsung Knox Mobile Enrollment Console
- Navigate to Resellers
- Notify your Knox Customer ID
- Click Register Reseller
- Enter Reseller ID
- Proceed with the process
Next Steps
- Review Samsung Knox Deployment App
- Use the Knox Service Plugin to configure your devices