Invite and manage admins
On this page
This topic describes how to invite and manage admins, as well as assign the required roles and permissions needed to complete an admin invitation. For an overview of role-based access control and how it impacts an administrator invitation, go to: Role-based access control.
Invite and manage admins
Only selected and IT admins are approved to enroll devices on behalf of customers.
Invite IT admins from within the Knox Mobile Enrollment portal as needed, and assign them unique enrollment services and permissions.
- Select Administrator & Roles from the left-hand navigation menu.
- Select INVITE ADMINISTRATOR from the upper, right-hand side of the screen.
NOTE - An Invite administrator screen could display stating that before an administrator can be invited a role must be first created and available for assignment. Ensure appropriate roles and permissions are created and available before proceeding with an administrator invitation.
- Select the CREATE ROLE button.
- If creating a role for a pending administrator invitation, provide the required Role name and an optional Description. Refer to the Permissions portion of the screen and enable then select additional permissions by category as required beyond the basic permissions assigned by default. The Invite and manage administrators permission can only be assigned by an administrator that themselves has that specific permission enabled. A Super Admin or an Admin with Admins' permissions can invite an admin belonging to a different service to a role in their service.
- Select SAVE to continue.
NOTE - Most permission categories within the Create role screen have a View only option that only permit an admin with this role to view items with no configuration, device or reseller administration permitted. New roles have the view only permission enabled by default. Existing roles that inherit the a View only permission have it turned off by default, to prevent issues.
- Enable Allow access to Knox Deployment Application
to use the Knox Deployment App (KDA) exclusively for device enrollment into KME, without the use of the KME console. When relying on the KDA without the KME console an admin must log into the KDA, choose a service (KME, KC, KG, etc.), select a profile, pair the master/admin device with a target device, and assign the profile to the target device. For more information on using the KDA, go to: Knox Deployment App (KDA)
- Provide the following to complete an administrator invitation:
- First name - Provide the first name of the administrator resource.
- Last name - Provide the last name of the administrator resource.
- Email - If this email is not already associated with a Samsung Account, the user will have to create a Samsung Account before logging into Knox Mobile Enrollment. The creation of a Samsung account is required before an administrative account can be created. Samsung Knox does not support personal email addresses for new Knox account requests that have not been registered as a Samsung account.
- Role - Use the drop-down menu to assign this new administrator a role appropriate to their intended administrative function. If unsure about the exact permissions of an available role, select View Role Details to review the scope of its available permissions. The Role drop-down menu is customized for role assignments based on the administrator creating the invite.
NOTE - Existing administrators without a Create and manage roles permission can only invite admins with a matching set of their own permissions.
- Select INVITE when completed. The newly added, but pending, administrator displays as a link that can be selected to update the administrator name and company management designation. If editing the administrator's profile, select Save to commit the additional updates.