Back to top


Last updated July 26th, 2023

Get started with the basics by learning what Knox Authentication Manager is and how it works.

What is Knox Authentication Manager?

Knox Authentication Manager is a managed, Android autofill service for shared, fully managed Samsung devices. Knox Authentication Manager offers multiuser facial biometrics to speed-up shared device sign-ins, eliminates authentication friction by saving and automatically filling user credentials for any productivity app that requires manual sign-in, and securely syncs users’ profiles across shared devices.

Profile sync enables users to enroll once on a single device, then pick up any other device and instantly make it their own for the duration of their shift. Knox Authentication Manager has features in place to help keep personal data secure. With profile syncing, no data is stored to the cloud or a server.

Device syncing is coordinated through device groups that are defined by admins or auto-defined based on Wi-Fi subnets. Device groups typically map to facilities where a group of users share devices. To sync, devices must be able to communicate with each other via Wi-Fi and reach Google Firebase, though no Google Firebase account or subscription is required by your enterprise or users.

Diagram of device to device syncing in groups.

How does it work?

Knox Authentication Manager works with your UEM to capture users’ enterprise sign-in credentials. New users first sign in to a UEM shared device launcher or Azure AD and then register for Knox Authentication Manager.

Knox Authentication Manager allows two different sign-in methods for devices, face and manual. Face sign-in directs users to enter a PIN number and scan their face to sign in. Manual sign-in requires users to sign in with their enterprise credentials. Admins can choose which method to enable via their UEM.

After registration, users allow Knox Authentication Manager to save their credentials for any productivity apps that require sign-in and align with the Knox Authentication Manager sign-in flows. The next time they sign in to a device in your fleet, Knox Authentication Manger automatically signs them in to any apps for which they saved their credentials.

When a user’s session on a device ends, the device is ready for the next user to sign in to and use. Knox Authentication Manager thus benefits enterprises that have shift work because it allows users working at different times of the day to seamlessly use the same devices.

Further reading

See the below pages for detailed explanations and walkthroughs of Knox Authentication Manager’s features.

Is this page helpful?