Back to top

Configure Microsoft Entra settings

Last updated June 26th, 2024

If you enable Microsoft Entra as a sign-in method, you can’t use your Samsung account to sign in to Knox services.

On the Knox Admin Portal

  1. In the top-right corner, click your account icon > My account.
  2. On the Manage your Account page, click the IDENTITY PROVIDER SETTINGS tab.

On the Microsoft Entra portal

Next, add the Samsung Knox and Business Services app:

  1. Under Azure services, click Azure Active Directory.

    The Azure Active Directory button on the Microsoft Azure portal.

  2. In the left sidebar, click Enterprise Applications.

    The Enterprise applications link on the Microsoft Azure portal.

  3. Select New application.

    The New application button on the Microsoft Azure portal.

  4. In the Browse Azure AD Gallery section, enter Samsung Knox and Business Services in the search box.

  5. Select the Samsung Knox and Business Services app from the results and add it.

    The Samsung Knox and Business Services app.

Then, assign users and groups to the Samsung Knox and Business Services app:

  1. In the left sidebar, click Users and groups.

    The Users and groups link on the Microsoft Azure portal.

  2. Click Add user/group.

    The Add user/group button on the Microsoft Azure portal.

  3. On the Add Assignment screen, under Users and groups, click None Selected.

    The None selected link on the Microsoft Azure portal.

  4. In the list of users and groups, search for and select the users and groups to assign to the app. Then, click Select.

    Selected users must have a Microsoft Entra account.

  5. At the bottom of the screen, click Assign to allow the users to access the app.

On the Knox Admin Portal

Finally, follow the steps below to set up the Basic SAML configuration:

  1. In the Azure portal, select the Samsung Knox and Business Services application page, navigate to the Manage section and select Single sign-on.

    The Single sign-on link on the Microsoft Azure portal.

  2. Select SAML as the single sign-on method.

    The SAML tile on the Microsoft Azure portal.

  3. Under Basic SAML Configuration, enter the SAML info from your Samsung Knox settings:

    • For the Identifier (entity ID) field, enter https://www.samsungknox.com.
    • For the Reply URL (assertion consumer service URL) field, enter https://central.samsungknox.com/ams/ad/saml/acs.
    • For the Sign on URL field, enter https://account.samsung.com/.

    The Basic SAML Configuration page on the Microsoft Azure portal.

  4. Under SAML Signing Certificate, copy the App federation metadata URL.

    The Azure Active Directory button on the Microsoft Azure portal.

  5. Navigate back to your Samsung Knox account settings. Under App federation metadata URL, paste the value you copied in Step 4.

  6. Click CONNECT.

  7. In the sign-in window that opens, enter your Microsoft Entra credentials.

Once you verify the connection, a warning popup appears. If you click Continue, you can no longer use your Samsung account credentials to sign in to Knox services.

Is this page helpful?