Knox Authentication Manager v1.8 release notes

New

Delete all user credentials across synced devices

Previously, you were unable to manually delete all stored user credentials across synced devices. With v1.8, you can completely delete a user’s stored credentials across all their devices using the Manually delete user profile policy. This includes their username, password, PIN, face biometrics, and work app data.

When configuring app policies in your UEM console, enter the user’s Entra ID in the Manually delete user profile policy field and push the profile to delete the user’s credentials from all their synced devices.

Show usernames on locked reverification screens

With the v1.8 release, you can show the name of the device user on a locked device’s reverification screen by enabling the Show username on reverification screen policy. This helps users correctly identify the owner of a locked device.

Time out for failed Admin PIN attempts

Previously, users could continuously attempt to enter Knox Authentication Manager admin mode by inputting the device’s Admin PIN with no restrictions. In v1.8, if users fail after six consecutive exit attempts, they’re temporarily timed out and can’t attempt to enter admin mode for a short duration of time. Additionally, the time-out duration increases with successive failed attempts.

Updates 

Customize reverification methods

Previously, device users had to use the same authentication method for both initial sign-in and reverification to the Knox Authentication Manager app. Reverification is required when the device’s screen is locked following a session time out, or when a device with the Use KAM authentication to unlock device policy set to True is locked using the power button.

With the v1.8 release, you can customize reverification methods independently, irrespective of the sign-in authentication method. This allows users to sign-in with one method, and reverify their sign-in with another method if desired. For example, they can use Face+PIN authentication to sign-in, but use PIN only authentication to reverify.

Auto delete unused profile policy supports days

Previously, when setting the Auto delete unused profile policy, you could only configure unused profiles to be automatically deleted after a specified number of months. With v1.8, you can set this policy to delete inactive profiles after a specified number of days.

By default, the Auto delete unused profile policy field registers entered numerical values as months. To set this policy to days, append “d” to the number you enter, such as 14d or 21d. Additionally, one month is defined as 30 days, rather than using exact calendar months. 

VMware is now Omnissa

In 2024, VMware rebranded to Omnissa. To reflect this change, in v1.8, all instances of VMware Workspace ONE are adjusted to Omnissa Workspace ONE.