Knox Mobile Enrollment Requirements
Knox Mobile Enrollment enables IT administrators to enroll multiple Samsung devices in an MDM without having to manually configure each device. This section describes how to obtain KME access for the first time.
To use Knox Mobile Enrollment, you need:
- A Samsung account. For more information, go to: Create your Samsung accounts.
- A Knox Portal account. For more information, go to: Create your Samsung accounts.
- Samsung Knox devices running Knox version 2.4 or higher. Some devices lacking a device root key (DRK) support enrollment using a Knox 2.4.1 binary.
- An MDM provider supporting the Knox Mobile Enrollment program
- The correct firewall exemptions needed to extend beyond your local and protected network domain and securely connect to the Knox Mobile Enrollment server. For more information, go to: Firewall exceptions.
- A KME supported browser (Internet Explorer, Firefox, and Chrome). Internet Explorer is not recommended if using an on-premise MDM.
- Permission to access Knox Mobile Enrollment features
KME process overview
KME registration and enrollment requires the following activities be completed:
- Go to Knox Mobile Enrollment and request access.
- Purchase devices from an authorized Samsung device reseller.
- Create a profile for the MDM with whom you are working.
- Add device information for the devices you want to enroll.
- Configure and assign devices to a profile.
NOTE - End user devices prompt their users to complete the enrollment process, accept the displayed prompts and enter their credentials as requested.
If you purchased devices from a Samsung approved reseller:
- Exchange IDs with your reseller to ensure the device enrollment process remains secure.
- Your reseller uploads device information using the Knox Reseller Portal.
- Review and approve the device information uploaded by your reseller.
If you did not purchase devices from a Samsung Approved Reseller:
- Download the Knox Deployment App from the Google Play Store.
- Enable NFC on the device where you installed the app and the devices you are trying to use with Knox Mobile Enrollment.
- Follow the on-screen prompts to add device information.
About the KME portal
Once you initially log in to Knox Mobile Enrollment, you have the option of utilizing a get started carousel and auto tour to become more familiar with the KME console. For more information, go to:
The following navigation options display on the left-hand side once you successfully log in to the KME console.
Navigate amongst the Devices, MDM Profiles, Resellers, Device Users, Administrators & Roles, Activity log, Feedback and Support options to review the devices in the enrollment queue, existing profile assignments, resellers and user designations, KME activity log entries or leave feedback to the Knox team.
If deploying hundreds or thousands of devices, consider selecting BULK ACTIONS to review the configuration activities that can be conducted on up to 10,000 devices in one CSV file upload operation. Each BULK CONFIGURE, BULK DELETE and BULK ASSIGNMENT option has a View instructions link that can be selected for detailed instructions on preparing a properly formatted CSV file and uploading it into KME.
The following display as options within the DEVICES screen:
- UPLOADS - Lists devices uploaded into KME by a reseller by default. No NFC devices display within the Uploads tab. Select View from the DETAILS column to review the selected upload in greater detail and potentially configure or delete devices from the upload.
- ALL DEVICES - Select this tab to review all devices in the enrollment queue, as well as NFC devices. Device IMEI / MEIDs and SERIAL NUMBERS display as links that can be selected to display more granular Device Details, including Device ID, Model, Status and when the device was Submitted and Edited. Use the MDM Profile drop-down menu to change the device's enrollment profile designation.
- BULK CONFIGURE - Select BULK ACTIONS then the BULK CONFIGURE button to define and upload a .CSV file to bulk enroll up to 10,000 devices. The Bulk Configure screen contains CSV file format instructions that describe how each row should be formatted for users and passwords (for example, 327929874389,firstname.lastname@example.org,pwd12342). Select SUBMIT when completed to implement the updates. For more information, go to Approve devices.
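A pre-upload check for the bulk configure file described above, as an added example that is not part of the Knox documentation. It assumes the header-less, three-field row layout suggested by the page's sample row (device ID, user ID, password) and that user ID and password are supplied together; the function name and the sample rows are constructed for illustration.

```python
import csv
import io

MAX_ROWS = 10_000  # per-upload device limit stated on the page

# Constructed sample rows; only the first matches the page's sample.
SAMPLE = """\
327929874389,firstname.lastname@example.org,pwd12342
327929874390,second.user@example.org,
327929874389,third.user@example.org,pwd99999
bad id!,fourth.user@example.org,pwd00000
327929874391,fifth.user@example.org
"""


def validate_bulk_csv(text):
    """Return (line_number, problem) pairs for a bulk configure CSV.

    Assumed layout (inferred from the page's sample row, not an official
    schema): device ID, user ID, password, with no header row.
    """
    problems = []
    first_seen = {}  # device ID -> line where it first appeared
    rows = 0
    for line_no, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not any(field.strip() for field in row):
            continue  # skip blank lines
        rows += 1
        if len(row) != 3:
            problems.append((line_no, f"expected 3 fields, found {len(row)}"))
            continue
        device_id, user, password = (field.strip() for field in row)
        if not device_id.isalnum():
            problems.append((line_no, "device ID missing or not alphanumeric"))
        elif device_id in first_seen:
            problems.append(
                (line_no, f"duplicate of line {first_seen[device_id]}"))
        else:
            first_seen[device_id] = line_no
        # Assumption of this example: credentials come as a pair or not at all.
        if bool(user) != bool(password):
            problems.append((line_no, "user ID and password must be paired"))
    if rows > MAX_ROWS:
        problems.append((0, f"{rows} rows exceed the {MAX_ROWS}-device limit"))
    return problems


if __name__ == "__main__":
    for line_no, problem in validate_bulk_csv(SAMPLE):
        print(f"line {line_no}: {problem}")
```

A line number of 0 marks a file-level problem (the row cap) rather than a specific row.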
The MDM Profiles screen lists profiles that have been enrolled and assigned to end user devices as well as their current enrollment status.
Profile names display as links to display profile information in greater detail. Profiles can be created or deleted directly from the MDM Profiles screen as your deployment needs require. For more information on creating and modifying profiles, go to Profile configuration.
Refer to the Resellers screen to register Samsung-approved reseller(s), so Samsung can verify device ownership and help prevent erroneous enrollments. The reseller screen lists each reseller, their ID, default profile and upload approval preference.
Optionally select the REGISTER RESELLER button to look up reseller IDs to register as KME enrollment resources. For more information, go to: Register resellers.
Refer to the Device Users screen to review a list of users to assign enrolled devices and streamline enrollment workflows.
Select the ADD DEVICE USERS button as needed to create user IDs and passwords prior to enrollment and device profile assignment. Additionally, use the ACTIONS drop-down menu to remove or import users individually or import a CSV file with up to 10,000 users. For more information, go to Device Users.
Refer to the DEVICES > All Devices screen to review the enrollment states of the devices in the enrollment queue. The device states are also populated within the CSV file that can be generated from the bottom of the All Devices screen.
Devices utilizing Knox Mobile Enrollment can be in one of the following enrollment states:
- Pending — The device has been added by an unverified reseller and the IT admin hasn’t verified the reseller yet.
- Unassigned — The device has not been assigned to a profile.
- Failed to assign — The device couldn’t be assigned to a profile. Review the profile information to ensure it is correct.
- Profile assigned — A profile has been assigned to the device, but the end user hasn’t completed the enrollment process yet.
- Canceled by user — A profile has been assigned to the device, but the end user canceled the enrollment process.
- Failed to enroll — The device failed to enroll for reasons other than the end user canceling the process.
- Enrolled — The device has been successfully enrolled, typically by the end user.
The following is an overview of the KME device workflow: