Mandatory two-factor authentication for all IT admins using Knox Deployment App


  • Knox Cloud Services (KCS)
  • Knox Deployment App (KDP)


To allow the Knox Deployment App (KDA) to leverage Samsung Account’s security features (like login alert, trusted device management, force logout, account activity history, and so on) two-factor authentication (2FA) will be required when logging in to KDA. A user who does not have 2FA set up will be directed to configure 2FA first.

A user who logs in to KDA effectively logs in with their Samsung Account on the entire device—not just KDA.

In addition, the minimum Knox version for KDA is now Knox 2.8 (Android 7.1).

The following are accepted as the second form of authentication:

  • Phone number
  • Authenticator app (such as Microsoft Authenticator, Google OTP, and so on)
  • Verification code sent to other Galaxy devices
  • Backup codes

The following are the user impacts:

  • Once the user has successfully logged in, they no longer need to log in again.
  • Once the user has set up 2FA on their account, it will also be required when they log in to
  • Users using a personal Samsung Account for B2C services (for example, Samsung Health, SmartThings, and so on) will not be able to log in to KDA on the same device with their enterprise account. They will need to log out of their personal account first.

Additional information

For more information, see the FAQs for two-step verification.