- *BASICS*
- The Knox Ecosystem
- Samsung Knox Portal
- Knox Cloud Services
- General Knox Support
- Knox Licenses
- *FOR IT ADMINS*
- Knox Suite
- Knox Platform for Enterprise
- Introduction
- White paper
- Before you begin
- Get started with UEMs
- Introduction
- Blackberry UEM
- IBM MaaS360
- Microsoft Intune
- MobileIron Cloud
- MobileIron Core
- Samsung Knox Manage
- SOTI MobiControl
- VMware Workspace ONE UEM
- Knox Service Plugin
- Release notes
- Migrate to Android 11
- FAQs
- Troubleshoot
- KBAs
- Knox Mobile Enrollment
- Introduction
- Get started
- Features
- Register resellers
- Add an admin
- Create profiles
- Google device owner support
- MDM compatibility matrices
- Device users
- Activity log
- Enroll and unenroll devices
- Configure devices
- Provide KME feedback
- Use the Knox Deployment App (KDA)
- Recover Google FRP locked devices using KME
- Role-based access control (RBAC)
- Release notes
- FAQs
- Troubleshoot
- KBAs
- Knox Configure
- Mobile
- Wearables
- Shared Device
- Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- Getting started with Knox Capture
- Step 1: Launch Knox Capture
- Step 2: Create a scanning profile
- Step 3: Select apps and activities
- Step 4: Configure the scanner
- Step 5: Set keystroke output rules
- Step 6: Test apps in your configuration
- Step 7: Share your configuration
- Step 8: Deploy Knox Capture in Managed mode
- End users: Get started
- Features
- Release notes
- FAQs
- Troubleshoot
- Knox Manage
- Introduction
- How-to videos
- Get started
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- FAQs
- KBAs
- Knox E-FOTA
- Introduction
- White paper
- Knox E-FOTA One
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
- Release notes
- FAQs
- Troubleshoot
- KBAs
- Migrate from Knox E-FOTA Advanced to Knox E-FOTA One
- Knox E-FOTA Advanced
- Knox E-FOTA on MDM
- Samsung Care+ for Business
- *FOR RESELLERS*
- Knox Deployment Program
- *FOR MANAGED SERVICE PROVIDERS*
- Knox MSP Program
Knox Deployment App
About
The Knox Deployment App provides the flexible option to IT admins needing to bulk enroll end-user devices to KC without having a reseller. Using this app allows IT Admins to reduce their bulk deployment time, and easily locate the devices within the KC console upon enrollment.
Prerequisites
To support Bluetooth, NFC, or Wi-Fi Direct Knox Deployment App enrollments, an IT admin must:
- Secure a Knox Portal account and ensure:
- Your devices support the Bluetooth or NFC protocols. Check your device specification if unsure.
- You have at least one profile configured in Knox Configure or Knox Mobile Enrollment portal
- Secure the appropriate licenses to enroll devices (through the Samsung Knox Portal).
- A Knox Portal account. For more information, go to: Sign up for Knox Configure.
- Install the Knox Deployment on an admin/primary device, and login using their Knox Portal ID/password.
- Select a KC profile on the admin/primary device to apply to the end-user devices.
Bluetooth enrollment
To support Bluetooth-based enrollment, an IT admin installs the Samsung Knox Deployment App on a dedicated admin/primary smartphone or tablet device, and selects existing KC configuration profiles to update a separate end user device. If the user’s device is within proximity of the admin/primary device, the user device connects to the admin device wirelessly via Bluetooth without a PIN or password requirement. For more information, go to: Bluetooth deployment.
NFC enrollment
With Near Field Communication (NFC) enrolments, a non-B2B device is “bumped” (held closely together) with another smartphone device with Knox Deployment App running and scanning in NFC mode. The dedicated primary NFC device displays profiles available for enrollment and end user device enrollment begins once an IT admin selects a profile. The NFC enrollment option is not available to tablet devices. For more information, go to: NFC deployment.
Wi-Fi Direct enrollment
Wi-Fi Direct supported devices can connect directly to each other via a WLAN, without joining a traditional wireless network or Wi-Fi hotspot. Once enabled, the device automatically scans for other supported Wi-Fi direct devices. Once discovered, specific devices can be selected for enrollment data transfer. For more information, go to Wi-Fi Direct deployment.
App version information
Knox Deployment App version information and available open source licenses can be referenced from within the ABOUT screen. Samsung recommends you periodically compare the Knox Deployment App’s version to the latest available from Samsung to ensure you have the latest feature set and functionality available.
To launch the Knox Deployment App’s ABOUT screen:
- Invoke the drop-down menu from the top, right-hand, side of the device and select About.
- Refer to the listed version number and note the version. If needed, select Open source licenses to review the available open source licenses available to your Knox deployment.
Using the Knox Deployment App
This section describes the screen flow navigation for a typical enrollment using the Knox Deployment App.
- Select SIGN IN once the Knox Deployment App launches on the device.
- Enter the Knox Portal Username and Password to login into the Knox Deployment App.
- Select Remember me to display and utilize the username in subsequent Knox Deployment App logins.
- Select SIGN IN to proceed with the device login.
Once you have successfully logged into the Knox Deployment App, a WELCOME screen displays providing first-time options for profile selection and deployment mode.
Profile selection
Select a profile to apply specific device settings to a primary/admin device using to enroll end user devices.
To select a configuration profile using the Knox Deployment App:
- Select Tap here to select a profile from the Welcome screen display a list of profile selection options.
- Optionally filter whether All profiles are listed for potential selection or just Knox Configure or Knox Mobile Enrollment defined profiles. The most recent profile additions display first within their respective categories.
- Each listed profile has a brief description to help determine its relevance to a potential Bluetooth device enrollment using the Knox Development App. An important distinction to the profile description is the profile’s relevance to either phones and tablets or wearable devices.
- If needed, select the Search icon near the top of the screen to display a search field where existing profiles can be located and displayed. The search function only locates filtered profiles.
- If there are no profiles available, a profile requires creation using the Knox Configure console at www.samsungknox.com. For more information on deploying devices with a Knox Configure profile, go to: Deploying devices with a profile.
- Select a listed profile. Once selected, the profile displays upon subsequent logins. The profile is now ready for Bluetooth, NFC, or Wi-Fi Direct deployment mode selection as described in the sections that follow.
Bluetooth deployment
Once profiles are set on the primary admin device, the IT admin needs to set Bluetooth as the deployment mode and define the Bluetooth duration interval. End users can then enroll their device by entering the appropriate URL via KC.
To deploy devices using the KDA:
- From the admin primary device, navigate to the SELECT DEPLOYMENT MODE screen and select Bluetooth as the device deployment mode.
- If setting up a Wi-Fi connection resource for the device, select Wi-Fi for deployed devices, and select either a saved or available network resource for connection. Wi-Fi credentials are validated upon input, so ensure they are correct. Using Wi-Fi, a device can connect to a specified configured network to communicate externally.The following restrictions apply for the Wi-Fi for deployed devices setting:
- Only out-of box KC trigger (+ gesture) deployments are supported.
- The receiver device must be utilizing Knox version 3.2 or above.
- Only Note9 and Tab S4 and above devices are supported.
- Not supported on wearable devices.
- Set the Bluetooth Duration for either 30 minutes, 1 hour, 3 hours, 5 hours or 8 hours. Select OK to save the update.
- The Bluetooth duration is deployment activation period for end user devices receiving their profile configuration from the IT admin’s primary device. Once the set duration expires, devices cannot enroll with the Knox Deployment App, and the process must be repeated to continue the enrollment of other required devices.
- From the Knox Deployment screen, the admin selects START DEPLOYMENT to initiate the defined Bluetooth Duration interval.
- The device’s end user must go to https://me.samsungknox.com and complete the instructions provided.
- The end user then selects FINISH DEPLOYMENT to complete the enrollment.
NFC deployment
Once profiles are set on the primary admin device, the IT admin needs sets NFC as the deployment mode. If you are NFC enrolling a device using both KC and KME, use KC first.
To deploy devices using the KDA:
- From the admin primary device, navigate to the SELECT DEPLOYMENT MODE screen and select NFC as the device deployment mode.
- If setting up a Wi-Fi connection resource for the device, select Wi-Fi for deployed devices, and select either a saved or available network resource for connection. Using Wi-Fi, a device can connect to a specified configured network to communicate externally. The following restrictions apply for the Wi-Fi for deployed devices setting:
- Only out-of box KC (+ gesture) deployments are supported
- The receiver device must be utilizing Knox version 3.2 or above
- Only Note9 and Tab S4 and above devices are supported
- Not supported on wearable devices
- Beam enrollment information to the receiving device by holding the primary/admin device back-to-back with an NFC enabled and compatible device and then pressing the screen as illustrated below.
- Select FINISH DEPLOYMENT on primary/admin device once the NFC beam is completed with the end user device.
Wi-Fi Direct deployment
Wi-Fi direct devices can connect directly to each other over a WLAN without a wireless network or Wi-Fi hotspot. Once enabled, the device automatically scans for other supported Wi-Fi direct devices. Once located, specific devices can be identified for data transfers.
Only out-of-box "trigger" deployments are supported for Wi-Fi Direct device deployments. Trigger deployments utilize a plus sign (+) gesture on a device's Welcome screen to start an out-of-box deployment, and bypass the setup wizard.
To enroll and deploy devices using the KDA Wi-Fi Direct option:
- From the admin primary device, navigate to the SELECT DEPLOYMENT MODE screen and select Wi-Fi Direct as the device deployment mode.
- Once Wi-Fi Direct is selected as the deployment mode, specify whether the Wi-Fi Direct connection is automatic or manual from the following two options:
- Accept manually - Requires a device user to enter a system generated PIN every time a connection is requested from an enrolling device. This is the default setting, and provides greater security and data protection.
- Accept automatically - Automatically accept connection requests from enrolling devices.
Both of these Wi-Fi Direct connection options are described in the sections that follow.
Accept connection requests automatically
If wanting to establish an automatic Wi-Fi Direct connection:
- Select Accept automatically when prompted from the Select Wi-Fi Direct screen.
- Select Connect before the countdown expires to initiate a Wi-Fi Direct connection with the primary/admin device. This enables the listed device to share enrollment information via the newly established Wi-Fi Direct connection.
- Select FINISH DEPLOYMENT on primary/admin device to complete the enrollment date transfer.
Accept connection requests manually
If wanting to establish a manual Wi-Fi Direct connection:
- Select Accept manually when prompted from the Select Wi-Fi Direct screen.
- Document the displayed PIN needed to proceed with the manual Wi-Fi Direct connection.
- Select Connect before the countdown expires to proceed. An Accept sharing request screen displays prompting for the required PIN before the countdown timer expires.
- Type the required PIN and select Accept. This enables the listed primary/admin device to share enrollment information via the newly established Wi-Fi Direct connection.
- Select FINISH DEPLOYMENT on primary/admin device to complete the enrollment date transfer.