Knox Authentication Manager
Last updated September 26th, 2023
Knox Authentication Manager is a managed app for shared Samsung devices that provides multiuser facial biometrics and sign-in automation for increased frontline worker productivity and safety.
Supported UEMs and management types
Knox Authentication Manager works with the following UEM solutions using fully managed devices with access to Managed Google Play:
UEM solution | Main sign-in method |
---|---|
VMware Workspace ONE | Launcher |
Microsoft Intune | Managed Home Screen |
SOTI MobiControl | Customer Azure AD credentials1 — devices must be in kiosk mode (Lockdown) |
Samsung Knox Manage | Customer Azure AD credentials1 — devices must be in kiosk mode |
1 When using SOTI or Knox Manage with Knox Authentication Manager, you need an Azure account. If you don’t already have an Azure account, sign up on the Microsoft Azure portal page.
Required network capabilities
See below for the network requirements for Knox Authentication Manager:
- Groups of devices must be able to communicate with one another through Wi-Fi for device-to-device syncing.
- Devices must be able to reach Google Firebase to coordinate syncing (no subscription is needed).
- If your enterprise is behind a firewall, you must add our Knox servers to your firewall’s allowlist. For details, see Firewall exceptions.
- Since Knox Authentication Manager communicates with Firebase using HTTPS, you should add port 443, the standard port for HTTPS transmissions, and URLs that end with *.firebaseio.com to your firewall’s allowlist.
- Knox Authentication Manager uses UDP and TLS protocols for device communication and data exchange over port numbers. The default ports for UDP are 49158 and 49159, and the default port number for TLS is 7788, but these ports can be customized. Add these ports, or the ones you set, to your firewall’s allowlist.
When you set up Knox Authentication Manager in your UEM, you need to create a shared key to encrypt and protect user profiles and device group communication. One way to generate this key is through OpenSSL. Mac and Linux users can run openssl rand -base64 24
in a terminal. Windows users first have to install OpenSSL. See the OpenSSL documentation for more information.
Required license
A valid Knox Suite license key is required to use Knox Authentication Manager. For more information, see Get started as an IT admin.
Additionally, to ensure that Knox Authentication Manager performs optimally, admins should configure specific Knox Service Plugin policies with their UEM. For more information on Knox Service Plugin requirements, see Get started as an IT admin and Knox Service Plugin.
Supported devices
Knox Authentication Manager is only available for select fully managed, devices running Android 12 or higher. For the supported devices, see the table below.
Device | Platform/OS | Knox version |
---|---|---|
Galaxy A13 series Galaxy A14 LTE Galaxy A23 5G Galaxy A32 Galaxy A32 5G Galaxy A33 5G Galaxy A34 5G Galaxy A52 Galaxy A52s 5G Galaxy A52 5G Galaxy A53 5G Galaxy A54 5G |
Android — Secured by Knox | 3.9 |
Galaxy N20 series | Android — Secured by Knox | 3.9 |
Galaxy S20 series Galaxy S21 series Galaxy S21 FE Galaxy S22 series Galaxy S23 series |
Android — Secured by Knox | 3.9 |
Galaxy XCover Pro Galaxy XCover 5 Galaxy XCover 6 Galaxy XCover 6 Pro |
Android — Secured by Knox | 3.9 |
Galaxy Tab S7 Galaxy Tab S8+ Galaxy Tab Active 3 Galaxy Tab Active4 Pro Galaxy Tab S9 series |
Android — Secured by Knox | 3.9 |
Galaxy Z series Galaxy Z3 series Galaxy Z4 series |
Android — Secured by Knox | 3.9 |
Get started with Knox Authentication Manager
See the below pages for guided workflows of Knox Authentication Manager for new admins and end-users.
Is this page helpful?