- Basics
- The Knox Ecosystem
- White Paper
- Samsung Knox Portal
- Knox Cloud Services
- General Knox Support
- Knox Licenses
- For IT admins
- Knox Admin Portal
- Knox Suite
- Knox Platform for Enterprise
- Introduction
- How-to videos
- Before you begin
- Get started with UEMs
- Introduction
- Blackberry UEM
- Citrix Endpoint Management
- FAMOC
- IBM MaaS360
- Microsoft Intune
- MobileIron Cloud
- MobileIron Core
- Samsung Knox Manage
- SOTI MobiControl
- VMware Workspace ONE UEM
- Knox Service Plugin
- Release notes
- Migrate to Android 11
- FAQs
- Troubleshoot
- KBAs
- Knox Mobile Enrollment
- Knox Configure
- Mobile
- Wearables
- Shared Device
- FAQ
- KBAs
- Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- Getting started with Knox Capture
- Step 1: Launch Knox Capture
- Step 2: Create a scanning profile
- Step 3: Select apps and activities
- Step 4: Configure the scanner
- Step 5: Set keystroke output rules
- Step 6: Test apps in your configuration
- Step 7: Share your configuration
- Step 8: Deploy Knox Capture in Managed mode
- End users: Get started
- Features
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox Asset Intelligence
- Knox Manage
- Introduction
- How-to videos
- Get started
- Video: Getting started with Knox Manage
- Integration with Managed Service Provider
- Access Knox Manage
- Configure basic environments
- Create user accounts
- Create groups
- Create organization
- Set up devices and profiles
- Set up Knox Manage deployment with a Knox Suite license
- Manage Chromebooks
- Manage Android devices with the Android Management API
- Manage Shared iPads
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Knox Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- Features
- FAQ
- KBAs
- Knox E-FOTA
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox E-FOTA On-Premises
- Legacy Knox E-FOTA products
- Knox Guard
- Introduction
- How-to video
- Get started
- Using Knox Guard
- Dashboard
- Manage devices
- Device management
- Accept or reject devices
- Upload devices
- Delete devices
- Complete device management
- Send notifications
- Enable or disable SIM control
- Download devices as CSV
- View device log
- View device deletion log
- Start and stop blinking reminder
- Lock and unlock devices
- Update lock message
- Send relock timestamp
- Turn on/off relock reminder
- Manage policies
- Manage licenses
- Manage resellers
- Manage admins and roles
- Activity log
- Knox Deployment App
- Release notes
- FAQ
- KBAs
- Support
- Samsung Care+ for Business
- For Knox Partners
- Knox Deployment Program
- Knox MSP Program
Administrators and roles management
Invite admins and manage roles
Create Knox Guard administrator accounts as new admin accounts and their unique role permissions require, or revise the account privileges of an existing administrator.
To manage Knox Guard administrators and assign relevant roles and permissions:
- Select Administrators and Roles from the left-hand navigation menu.
- If you cannot locate an existing administrator, use the Search field located on the upper, left-hand side, of the screen.
- Refer to the following to assess if existing administrator accounts are sufficient or whether a new admin account and appropriate roles require creation:
- NAME - Lists the name of each existing administrator resource.
- EMAIL - Lists the administrator's email used as their administrative login ID.
- ROLE - Lists the assigned role that defines this administrator's permissions. The role displays as a link that can selected to review the administrator role in more detail. If necessary, select the ROLES tab to review existing roles, their descriptions and number of administrator assignments. The ROLE NAME displays as a link that can be selected to edit the Role name, Description and permissions.
- STATUS - From back at the ADMINISTRATORS tab, the STATUS column lists the approval status of each listed administrator, as their credentials are evaluated (pending), active or inactive.
- If a new Knox Guard administrator account is needed, select ACTIONS > Invite Administrator button.
NOTE - An Invite administrator screen could display stating that before an administrator can be invited, a role must be first created and available for assignment. Ensure appropriate roles are created and available for assignment before proceeding with an administrator invitation.
- Select the CREATE ROLE button and define the following required administrator roles and permissions:
NOTE - Existing roles can be also be reviewed by selecting the ROLES tab within the Administrators and roles screen by selecting the CREATE ROLE button from the upper, right-hand side, of the screen. The ROLES tab displays existing roles names, their description and the number of Knox Guard administrators using each listed role.
- Provide the required Role name and an optional Description for this specific role. Enable the Allow access to Knox Guard portal with the following permissions setting to provide this administrator specific permissions, or just view only capabilities.
- Refer to the Devices portion of the screen and select the checkboxes supporting specific device management specific permissions. An administrator cannot assign permissions that they do not have themselves. Select View only to permit the admin to view device configurations only, with no device administration permissions granted. For detailed information on setting default values for each of these Knox Guard device management activities, go to: Manage default device settings.
- Refer to the Policies portion of the screen and select the default setting, EULA, and notification icon permissions the administrator requires. Select View only to permit the admin to view policy configurations only, with no policy permissions granted.
- Refer to the Licenses portion of the screen and select the license addition and deletion permissions administrators with this role require. Select View only to permit the admin to view license configurations only, with no license administration permissions granted.
- Refer to the Resellers portion of the screen and select the registration/edit, and deletion permissions to onboard or remove resellers. Select View only to permit the admin to view reseller configurations only, with no reseller administration permissions granted.
- Refer to the Activity log portion of the screen to optionally allow administrators with this role to view the details of the Knox Guard activity log.
- Refer to the Administrators and roles portion of the screen and determine whether this role has the ability to Invite and manage administrators and Create and manage roles. If an administrator does not have an Invite and manage administrators permission, they cannot assign that permission to others.
- Select Allow access to Knox Guard APIs portal to grant this administrator the permission to access the Knox Cloud APIs portal.
NOTE -A Super Admin or an admin with Admin invitation permissions can invite an admin belonging to a different service to a role in their service. For example, Admin 1 belongs to just KG with a non-Super Admin role. Admin 2 belongs to KME with a non-Super Admin role, but has Admin invitation permissions. Therefore, Admin 2 can invite Admin 1 to join KME for any role for which Admin 2 currently has permission.
- Select SAVE when completed to continue and have this newly created role available for selection for a pending administrator invitation.
- Provide the following to complete an initiate the administrator invitation:
- First name - Provide the first name of the administrator resource.
- Last name - Provide the last name of the administrator resource.
- Email - If this email is not already associated with a Samsung account, the admin will have to create a Samsung account before logging into Knox Guard. The creation of a Samsung account is required before an administrative account can be created.
- Role - Use the drop-down menu to assign this new administrator a role that is appropriate to their intended administrative function. If unsure about the exact permissions of an available role, select View Role Details to review the scope of their available permissions.
- Select INVITE when completed. The newly added, but pending, administrator displays as a link by name within the Administrator & Roles screen. Select the link as needed to review this administrator in detail.
Delete a role
- Select Administrators and Roles from the left-hand navigation menu.
- Select the ROLES tab and click on the role you want to delete.
- In the Edit role window, select DELETE. A Delete role pop-up window prompts to confirm the action while showing any pending, revoked or blocked admins associated with this role. If there is an active admin associated with this role, it needs to be assigned another role to complete the deletion. Both these cases display below.