1. Home
  2. OEM
  3. Samsung
  4. Out-of-Box Enrollment of Samsung Devices Using Knox Mobile Enrollment

Out-of-Box Enrollment of Samsung Devices Using Knox Mobile Enrollment

KB ID: 42G2007746
Total Views: 207

Knox Mobile Enrollment is a quick and easy way to enroll and setup devices with an EMM solution. It enables out-of-the-box EMM enrollment and configuration of new Samsung devices. 

There are two methods to enroll devices in KME portal:

  • Samsung Resellers – If devices have been bought from authorized Samsung resellers, then they can upload the device IMEIs directly into the KME portal on your behalf.
  • Knox Deployment App – If devices haven’t been bought from authorized resellers, then you can upload the devices directly into the KME portal through the Knox Deployment App. You can either use Bluetooth or NFC to enroll devices in the KME portal.

Prerequisites

  • Samsung Knox devices must run Knox version 2.4 or later.
  • Enterprises should have a Samsung Knox account.
  • If your devices are behind an enterprise firewall, the following ports and URLs must be allowed to enable smooth communication while using SureMDM:
Port Destination Type Protocol
443 *.samsung.com Outbound HTTPS
*.samsungknox.com Outbound HTTPS
*.secb2b.com Outbound HTTPS
Note: Port 443 isused for authenticating a Samsung account for Knox services and accessing enterprise devices from Knox servers.

Before you enroll devices in KME, you need to create a profile. Create a profile supporting either of the profile types:

  • Device Owner
  • Device Admin

Configure a Device Owner profile 

This option will create a profile for fully managed or dedicated devices.

To configure a Device Owner profile and setup the Knox Deployment app, follow these steps:

1. Open a browser, go to the Samsung Knox website, and log in with your credentials.

2. In the Solutions section, under Knox Mobile Enrollment, click Launch.

A Samsung Knox Mobile Enrollment dashboard will open.

3. Go to MDM Profiles > Create Profile.

4. Under Select profile type, select Device Owner.

5. On the Device Owner profile details screen:

  • Enter Profile Name, and Description, and select Other from Pick Your MDM drop-down list.
  • In the MDM Agent APK field, provide the downloadable apk link of the MDM application.
    For the latest version, use: https://suremdm.42gears.com/nix/nixagent.apk
  • In the MDM Server URI field, provide the SureMDM URL to which devices will be enrolled.
    For example: https://sample.in.suremdm.io/console/

6. Click Continue.

7. On the Device Owner profile settings page, enter the following details:

  • Custom JSON Data (as defined by MDM) – Enter custom configuration type in JSON format.  

For Example: You can enter JSON data as follows:

{“CustomerId”:”XXX000″,”ServerPath”:”sample.in.suremdm.io”,”GroupPath”:”Home/test”,”DeviceNameType”:”UseMac”} 

Note:

  • CustomerId is the account id of the SureMDM Console that helps the device recognize the console’s server path. To know your CustomerId, navigate to the SureMDM Web Console and click the Settings icon to view the Account ID.
    Example- CustomerID: 000000
  • ServerPath is the URL used to access the SureMDM Console.
    Example- https://sample.in.suremdm.io/console/
  • GroupPath is the path of a group/sub-group in which the device will get enrolled.
    Example- Home/test
  • DeviceNameType is the device name that will be displayed on the console. You can select an option from the following to set the device name.
    UseMac – Mac Address of the device
    UseIMEI – IMEI number of the device
    UseSerialNumber – Serial number of the device

  • Under Device Settings > System Applications, select an option:
    • Disable system applications
    •        or

    • Leave all system apps enabled

Privacy Policy, EULAs and Terms of Service – Click Add Legal Agreement and add any End User License Agreements, Terms of Service, or other user agreements that users must acknowledge before using the service. Company Name – Specify the organization name that will be displayed at the time of enrollment.

  • Company Name – Specify the organization name that will be displayed at the time of enrollment.

8. Click Create.

The newly created MDM profile will be listed under the MDM Profiles section.    

9. If devices were bought from a reseller, reboot or factory reset the device. On successful reboot, either reseller or IT admin can enroll and configure the devices with a specified MDM profile.

                                                   or

If the devices were bought from a non-reseller, then continue with the following steps.

10. Install and launch the Knox Deployment application on an Android device. 

Note: Use this Android device as a reference device for configuration purposes only.

11. Log in with the same credentials as that of the KME Portal.

12.  Tap Profile and select the created MDM Profile.

13. Select Deployment mode to deploy profile to Samsung device i.e Bluetooth or NFC

14. If it’s NFC, place a NFC enabled Samsung device next to the reference device for instant enrollment and configuration.

15. If Bluetooth is the selected Deployment Mode, select the required Bluetooth duration form and tap Start Deployment. 

16. Take a bluetooth enabled device and open a browser window and go to me.samsungknox.com

17. Follow the steps mentioned on-screen to complete deployment.

Note: To use Bluetooth as Deployment Mode, both the devices have to be connected to the internet.

Once the Bluetooth deployment is complete, the reference device screen will be shown as below:

Configure a Device Admin profile

This is a legacy method to enroll and manage Samsung Knox devices.

To configure a Device Admin profile and setup the Knox Deployment app with SureMDM, follow these steps:

1.  Log into the Samsung Knox portal. 

2.  In the Solutions section, under Knox Mobile Enrollment, click Launch.

    A Samsung Knox Mobile Enrollment dashboard will open.

3. Go to MDM Profiles > Create Profile.4. Under Selectprofile type, select Device Admin.

5. On the Device Admin profile details screen,  enter Profile Name, Description, and MDM Server URI.

Note: Provide the SureMDM URL to which devices will be enrolled.
For example: https://sample.in.suremdm.io/console/

6. Click Continue.

7. On the Device Admin profile settings screen, click Add MDM Apps and enter the downloadable apk link of the MDM application.

    For the latest version, use https://suremdm.42gears.com/nix/nixagent.apk

8. Enter Custom JSON Data {“CustomerId”:”XXXXXX123″} or  {“CustomerId”:”XXXX1234″,”GroupPath”:”Home/Test”,”DeviceNameType”:”UseIMEI”}

9. Under Device Settings, select the following options:

  • Skip Setup Wizard – When this option is selected, the user can skip the setup wizard screens and initiate the enrollment process much faster. 
  • Allow end user to cancel enrollment -When this option is selected, the user is allowed to cancel the enrollment on their device. If not selected, it enables mandatory device enrollment.
Note: Both the above settings are independent and can be enabled at the same time.
  • Privacy Policy, EULAs and Terms of Service – Add any End User License Agreements, Terms of Service, or other user agreements that users must acknowledge before using the service.
  • Support contact details – Click Edit to update the Company Name, Company Address, Support Phone Number, and Support Email Address displayed on the device upon successful enrollment.
  • Associate a Knox license with this profile – Select this option to pass the Knox license key directly to the intended device for easier Knox profile configuration.

11. Click Create.

      The newly created MDM profile will be listed under the MDM Profiles section.    

12. Repeat step nos. 9 to 17 under Configure Device Owner Profile section.

Unenroll Devices 

There are two different processes to be followed for unenrolling devices from the KME portal and SureMDM based on the profile type:

Device Owner profile

To unenroll device from KME portal and SureMDM, follow these steps:

  1. Remove IMEI from the Knox Mobile Enrollment portal.
  2. Factory reset the device.

Device Admin profile

To unenroll device from the KME portal and SureMDM, follow these steps:  

  1. Remove IMEI from the Knox Mobile Enrollment portal.
  2. Apply the following custom run script on the device. Refer to the steps here:
    !#suremdm
    setAdminRemovable(true,com.nix)
  3. Uninstall SureMDM Nix from the device.

To explore more about Samsung Knox Mobile Enrollment, click here.

For any further assistance, reach out to our technical support team – techsupport@42gears.com.

Updated on July 16, 2020

Was this article helpful?

Related Articles