Samsung Knox

Samsung offers several solutions that are compatible with XenMobile Server.

• XenMobile supports and extends Samsung Knox policies on compatible Samsung devices.
• The Knox Service plug-in (KSP) is an app that supports a subset of Knox Platform for Enterprise (KPE) features. For information from Samsung about KPE, seeConfigure Knox Platform for EnterpriseandOverview.

You can configure XenMobile to query the Samsung Knox attestation server REST APIs.

Samsung Knox uses hardware security capabilities that provide multiple levels of protection for the operating system and applications. One level of this security resides at the platform through attestation. An attestation server provides verification of the mobile device core system software (for example, the boot loaders and kernel). The verification occurs at runtime based on data collected during trusted boot.

1. In the XenMobile web console, click the gear icon in the upper-right corner. TheSettingspage appears.

2. UnderPlatforms, clickSamsung KNOX. TheSamsung KNOXpage appears.

   

3. InEnable Samsung KNOX attestation,select whether to enable Samsung Knox attestation. The default isNO.

4. When you setEnable Samsung KNOX attestation, toYES,Web service URLoption is enabled. Then, in the list, do one of the following:

   • Click the appropriate attestation server.

   • ClickAdd newand then enter the Web service URL.

5. ClickTest Connectionto verify the connection. A success or failure message appears.

6. ClickSave.

Note:

You can use Samsung Knox Mobile Enrollment to enroll multiple Samsung Knox devices into XenMobile (or any mobile device manager) without manually configuring each device. For information, seeSamsung Knox bulk enrollment.

Add the Knox service plug-in app

If you plan on using Android Enterprise with Knox, add the Knox service plug-in (KSP) to XenMobile. The KSP app uses AndroidOEMConfig to support features such as security policies, flexible VPN configuration, and biometric authentication controls. AndroidOEMConfig enables OEMs and endpoint mobility managers (EMM) to support custom OEM APIs. Those APIs cover use cases not supported through Android Enterprise.

For more information on KSP, see theKnox Service Plugin Guide.

1. Sign in to your Google account and navigate tohttps://play.google.com/work/apps/details?id=com.samsung.android.knox.kpu. Approve the Knox Service Plug-in app.
2. Sign in to your XenMobile console and add the Knox service plug-in as a public app store app. For more information on adding public app store apps, seeAdd a public app store app.
3. In your XenMobile console, navigate toConfigure > Device policies. ClickAdd.
4. ClickManaged Configurations. In the dialog that comes up, selectKnox Service Pluginfrom the menu. For more information on the Managed configuration policy, seeManaged configurations policy.
5. Type a name for the policy then continue to the platform page.
6. On the platform page, type aProfile namefor your Knox profile and input theKPE Premium License keyfrom Samsung. The policies that appear below these fields come from your Knox deployment. For more information on Knox policies, see the Knox Service Admin Plug-in Guide referenced earlier in this section.
7. ClickNextand configure deployment rules for the policy.
8. ClickSave.