Administrators and roles management

Invite admins and manage roles

Create Knox Guard administrator accounts as new admin accounts and their unique role permissions require, or revise the account privileges of an existing administrator.

To manage Knox Guard administrators and assign relevant roles and permissions:

  1. Select Administrators and Roles from the left-hand navigation menu.

  1. If you cannot locate an existing administrator, use the Search field located on the upper, left-hand side, of the screen.
  2. Refer to the following to assess if existing administrator accounts are sufficient or whether a new admin account and appropriate roles require creation:
  • NAME - Lists the name of each existing administrator resource.
  • EMAIL - Lists the administrator's email used as their administrative login ID.
  • ROLE - Lists the assigned role that defines this administrator's permissions. The role displays as a link that can selected to review the administrator role in more detail. If necessary, select the ROLES tab to review existing roles, their descriptions and number of administrator assignments. The ROLE NAME displays as a link that can be selected to edit the Role name, Description and permissions.
  • STATUS - From back at the ADMINISTRATORS tab, the STATUS column lists the approval status of each listed administrator, as their credentials are evaluated (pending), active or inactive.
  1. If a new Knox Guard administrator account is needed, select ACTIONS > Invite Administrator button.
NOTE - An Invite administrator screen could display stating that before an administrator can be invited, a role must be first created and available for assignment. Ensure appropriate roles are created and available for assignment before proceeding with an administrator invitation.

  1. Select the CREATE ROLE button and define the following required administrator roles and permissions:
NOTE - Existing roles can be also be reviewed by selecting the ROLES tab within the Administrators and roles screen by selecting the CREATE ROLE button from the upper, right-hand side, of the screen. The ROLES tab displays existing roles names, their description and the number of Knox Guard administrators using each listed role.
  • Provide the required Role name and an optional Description for this specific role. Enable the Allow access to Knox Guard portal with the following permissions setting to provide this administrator specific permissions, or just view only capabilities.

  • Refer to the Devices portion of the screen and select the checkboxes supporting specific device management specific permissions. An administrator cannot assign permissions that they do not have themselves. Select View only to permit the admin to view device configurations only, with no device administration permissions granted. For detailed information on setting default values for each of these Knox Guard device management activities, go to: Manage default device settings.
  • Refer to the Policies portion of the screen and select the default setting, EULA, and notification icon permissions the administrator requires. Select View only to permit the admin to view policy configurations only, with no policy permissions granted.
  • Refer to the Licenses portion of the screen and select the license addition and deletion permissions administrators with this role require. Select View only to permit the admin to view license configurations only, with no license administration permissions granted.
  • Refer to the Resellers portion of the screen and select the registration/edit, and deletion permissions to onboard or remove resellers. Select View only to permit the admin to view reseller configurations only, with no reseller administration permissions granted.
  • Refer to the Activity log portion of the screen to optionally allow administrators with this role to view the details of the Knox Guard activity log.
  • Refer to the Administrators and roles portion of the screen and determine whether this role has the ability to Invite and manage administrators and Create and manage roles. If an administrator does not have an Invite and manage administrators permission, they cannot assign that permission to others.
  • Select Allow access to Knox Guard APIs portal to grant this administrator the permission to access the Knox Cloud APIs portal.
NOTE -A Super Admin or an admin with Admin invitation permissions can invite an admin belonging to a different service to a role in their service. For example, Admin 1 belongs to just KG with a non-Super Admin role. Admin 2 belongs to KME with a non-Super Admin role, but has Admin invitation permissions. Therefore, Admin 2 can invite Admin 1 to join KME for any role for which Admin 2 currently has permission.
  1. Select SAVE when completed to continue and have this newly created role available for selection for a pending administrator invitation.

  1. Provide the following to complete an initiate the administrator invitation:
  • First name - Provide the first name of the administrator resource.
  • Last name - Provide the last name of the administrator resource.
  • Email - If this email is not already associated with a Samsung account, the admin will have to create a Samsung account before logging into Knox Guard. The creation of a Samsung account is required before an administrative account can be created.
  • Role - Use the drop-down menu to assign this new administrator a role that is appropriate to their intended administrative function. If unsure about the exact permissions of an available role, select View Role Details to review the scope of their available permissions.
  1. Select INVITE when completed. The newly added, but pending, administrator displays as a link by name within the Administrator & Roles screen. Select the link as needed to review this administrator in detail.

Delete a role

  1. Select Administrators and Roles from the left-hand navigation menu.
  2. Select the ROLES tab and click on the role you want to delete.

  3. In the Edit role window, select DELETE. A Delete role pop-up window prompts to confirm the action while showing any pending, revoked or blocked admins associated with this role. If there is an active admin associated with this role, it needs to be assigned another role to complete the deletion. Both these cases display below.