MDM Integration: Samsung Knox Manage

NOTE: Applies to Android devices only. Supports Android and OTA Workflows.

GroundControl supports MDM integration with Samsung Knox Manage.

Requirements
  • The Imprivata Locker Android app must be granted Lock Task permissions in the MDM. In Samsung Knox Manage, this is called Kiosk mode.
  • The Locker app must be added to the allowlist in your MDM.

Step 1: Configure GroundControl

The integration of GroundControl with Samsung Knox Manage requires that you configure the API Integration and Android Locker App.

  1. In the GroundControl console, navigate to Admin > MDMs. Click + Add, and select Knox Manage.
  2. Switch the API Integration setting to ON. Click Configure.
  3. In the configuration dialog, enter the API settings that you obtained from the Samsung Knox Manage console.

Step 2: Set Up Samsung Knox Manage

In the Knox Manage admin console:

  1. In Group, create a user group for the GroundControl users.
  2. In Application, add applications, including the Imprivata Locker app for Android.
  3. Assign the applications to the user group.
  4. Set up the app configuration for the Imprivata Locker app:
    1. Click Modify settings, then click Set Configuration.
    2. In the Managed Configuration box, type AppConfig. Enter the AppConfig values.
    3. In the GroundControl MDM ID box, click Configure and type the GroundControl MDM ID.
    4. In the GroundControl Server box, click Configure and type the GroundControl server.
    5. In the Device Identifier box, click Configure and type the Device Identifier.
    6. Optionally, in the Emergency PIN box, type the Emergency PIN.
    7. Optionally, in the Configuration Flags box, type enrollAndroidPIN to allow the use of the native Android PIN.
  5. Save the AppConfig.

Step 3: Configure Kiosk Applications

In Knox Manage, specify a collection of approved apps, including the Imprivata Locker app.

  1. In the Knox Manage admin console, navigate to main menu > Kiosk.
  2. Select Multiple App Kiosk and click Next.
  3. Add components to the screen in the Preview pane, including the Imprivata Locker app.

Enroll Devices

Knox Manage device enrollment begins with a factory reset of the device.

To enroll a device:

  1. Wipe the device by performing a full factory reset.
  2. Turn on the newly reset device.
  3. On the Welcome screen, select your language.
  4. Connect to Wi-Fi, and then choose NEXT.
  5. Accept the Google Terms and conditions, and then choose NEXT.
  6. On the Google sign-in screen, enter afw#KnoxManage instead of a Gmail account, and then choose NEXT.
  7. Complete the enrollment.