Mandatory two-factor authentication for all IT admins using Knox Deployment App

Environment

• Knox Cloud Services (KCS)
• Knox Deployment App (KDA)

Overview

To allow the Knox Deployment App (KDA) to leverage Samsung Account’s security features (like login alert, trusted device management, force logout, account activity history, and so on) two-factor authentication (2FA) will be required when logging in to KDA. A user who does not have 2FA set up will be directed to configure 2FA first.

A user who signs in to KDA effectively signs in with their Samsung Account on the entire device—not just KDA.

In addition, the minimum Knox version for KDA is now Knox 2.8 (Android 7.1).

The following are accepted as the second form of authentication:

• Phone number
• Authenticator app (such as Microsoft Authenticator, Google OTP, and so on)
• Verification code sent to other Galaxy devices
• Backup codes

The following are the user impacts:

• Once the user has successfully signed in, they no longer need to sign in again.
• Once the user has set up 2FA on their account, it will also be required when they sign in to SamsungKnox.com.
• Users using a personal Samsung Account for B2C services (for example, Samsung Health, SmartThings, and so on) will not be able to sign in to KDA on the same device with their enterprise account. They will need to sign out of their personal account first.

Additional information

For more information, see the FAQs for two-step verification.