Mandatory two-factor authentication for all IT admins using Knox Deployment App

Environment

• Knox cloud services
• Knox Deployment App

Overview

To allow the Knox Deployment App to leverage Samsung Account’s security features — like login alert, trusted device management, force logout, account activity history, and so on — two-factor authentication, or 2FA, will be required when logging in to the Knox Deployment App. A user who does not have 2FA set up will be directed to configure 2FA first.

A user who signs in to the Knox Deployment App effectively signs in with their Samsung Account on the entire device — not just the Knox Deployment App.

In addition, the minimum Knox version for the Knox Deployment App is now Knox 2.8 (Android 7.1).

The following are accepted as the second form of authentication:

• Phone number
• Authenticator app (such as Microsoft Authenticator, Google OTP, and so on)
• Verification code sent to other Galaxy devices
• Backup codes

The following are the user impacts:

• Once the user has successfully signed in, they no longer need to sign in again.
• Once the user has set up 2FA on their account, it will also be required when they sign in to the Knox Admin Portal.
• Users using a personal Samsung Account for B2C services — for example, Samsung Health, SmartThings, and so on — will not be able to sign in to the Knox Deployment App on the same device with their enterprise account. They will need to sign out of their personal account first.

Additional information

For more information, see the FAQs for two-step verification.