Samsung KNOX Mobile Enrollment (KME)

Owned by lsh (Unlicensed)
Last updated: Jun 01, 2021
5 min read

Introduction

Samsung KNOX Mobile Enrollment is a free web service that allows users to bulk enroll devices while keeping end-user interaction to a minimum. You can enroll your devices without manually configuring each device. You can enroll a device directly to individuals that can be predetermined in the Mobile Enrollment portal.

This documentation is based on information available on the Samsung Knox web sites as of April 2020.


Samsung KNOX Mobile Enrollement


KME Requirement: Samsung KNOX Requirements

KME Firewall Exceptions: Samgsung KNOX Firewall Exceptions.

KME Admin Gude: Samsung KNOX Mobile Enrollment Admin Guide.

Apply for KNOX Mobile Enrollment

 Click here to expand...
  1. Go to KNOX Mobile Enrollment - Getting Started Guide and follow the guide
  2. Create a Samsung account
  3. Create KNOX Portal Account
  4. Launch KNOX Web Console

Create an MDM Profile - Device Admin

Create an MDM Profile for your devices to be assigned to.

From Capainstaller 6.0 and later do we not support Device admin

 Click here to expand...
StepAction
1.

In KNOX console, select MDM profiles in the left-hand navigation menu and select the CREATE PROFILE button

(To edit an existing profile, just click on it)

2.

Select Device Admin in the profile type

3.

Set the following BASIC INFO for the DA profile:

  • Profile Name - Enter an appropriate profile name to distinguish it from others with similar attributes.

  • Description - Optionally provide a 200 character maximum description to further differentiate this profile from others.

  • MDM Server URI  - No MDM Server URI is required. Leave the field empty and click continue

4.

MDM Agent APK - Add one or more MDM applications downloaded automatically upon device enrollment


Custom JSON Data (as defined by MDM) to pass the MDM setup configuration using the JSON (JavaScript Object Notation) format


Skip Setup Wizard - Unselect this option to send the device user through the Setup Wizard. When selected, the device user skips the many setup wizard screens and can start the enrollment process much faster.

This setting is selected by default.


Allow end user to cancel enrollment - Selecting this option permits an end-user to cancel enrollment on their device. Leaving this setting unselected enables mandatory device enrollment.

The skip setup wizard option functions independently from end-user enrollment cancellation, and both can be enabled at the same time.


5.

Click CREATE and verify that profile is created and located in MDM Profiles

The profile is ready for use.

6.The profile is ready for use.

Create an MDM Profile - Android Enterprise as Device Owner

Create an MDM Profile for your devices to be assigned to.

 Click here to expand...
StepAction
1.

In KNOX console, select MDM profiles in the left-hand navigation menu and select the CREATE PROFILE button

(To edit an existing profile, just click on it)

2.

Select Android Enterprice in the profile type

3.

Set the following BASIC INFO for the DO profile:

  • Profile Name - Enter an appropriate profile name to distinguish it from others with similar attributes.

  • Description - Optionally provide a 200 character maximum description to further differentiate this profile from others.

  • We only support FORCE DEVICE OWNER ENROLLMENT
  • MDM Server URI  - No MDM Server URI is required. Leave the field empty and click continue




4.

Custom JSON Data (as defined by MDM) to pass the MDM setup configuration using the JSON (JavaScript Object Notation) format


  • Disable system apps — Select this checkbox to ensure all apps are disabled and unavailable to the device owner supported profile.
  • (Recommended) Leave all system apps enabled — Select this checkbox to ensure all pre-installed system apps are enabled and available to the profile. If this option is not selected, only a limited set of default system apps (My Files, Contacts, Google Play Store) display in the device's apps tray. Systems apps reside within the device's /system/app read-only folder and cannot be installed or removed by the device user. When using KME with Knox Configure, be careful when unchecking the Leave all system apps enabled checkbox, as this may lead to conflicts with Knox Configure.


5.

Click CREATE and verify that profile is created and located in MDM Profiles

6.The profile is ready for use.

Enrollment of Samsung KNOX device for Device Admin

After creating the MDM profiles, and adding the devices the device is ready for enrollment. To enroll the device must be connected via a Wi-Fi connection.

 Click here to expand...
StepAction
1.

The first time a user boots a device and connects to the internet via a wi-fi connection, the device will automatically start enrolling. 

2.

Click Next to accept Samsung Knox Privacy Policy

3.

Click Next and wait for the MDM agent to be downloaded and installed

4.The device is now enrolled and ready to use.



Enrollment of Samsung KNOX device for Device Owner 

After creating the MDM profiles, and adding the devices the device is ready for enrollment. To enroll the device must be connected via a Wi-Fi connection.

 Click here to expand...
StepAction
1.

The first time a user boots a device and connects to the internet via a wi-fi connection, the device will automatically start enrolling. 

Press "Accept & Continue"

2.

Click Next to accept Samsung Knox Privacy Policy

3.The device is now enrolled and ready to use.