- Basics
- About Knox
- Knox licenses
- Knox white paper
- Sign up for Samsung Knox
- Latest release notes
- General Knox FAQ
- General Knox KBAs
- Submit a support ticket
- User Acceptance Testing
- For IT admins
- Knox Admin Portal
- Knox Suite
- Knox Platform for Enterprise
- Introduction
- How-to videos
- Before you begin
- Get started with UEMs
- Introduction
- Blackberry UEM
- Citrix Endpoint Management
- FAMOC
- IBM MaaS360
- Microsoft Intune
- MobileIron Cloud
- MobileIron Core
- Samsung Knox Manage
- SOTI MobiControl
- VMware Workspace ONE UEM
- Knox Service Plugin
- Release notes
- Migrate to Android 11
- FAQs
- Troubleshoot
- KBAs
- Knox Mobile Enrollment
- Knox Configure
- Mobile
- Wearables
- Shared Device
- FAQ
- KBAs
- Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- Getting started with Knox Capture
- Step 1: Launch Knox Capture
- Step 2: Create a scanning profile
- Step 3: Select apps and activities
- Step 4: Configure the scanner
- Step 5: Set keystroke output rules
- Step 6: Test apps in your configuration
- Step 7: Share your configuration
- Step 8: Deploy Knox Capture in Managed mode
- End users: Get started
- Features
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox Asset Intelligence
- Knox Manage
- Introduction
- How-to videos
- Get started
- Video: Getting started with Knox Manage
- Integration with Managed Service Provider
- Access Knox Manage
- Configure basic environments
- Create user accounts
- Create groups
- Create organization
- Set up devices and profiles
- Create a new profile
- Assign profiles to groups and organizations
- Enroll devices
- Shared Android device quickstart
- Non-shared Android device enrollment quickstart
- Android Management API device enrollment quickstart
- Apple User Enrollment quickstart
- View device information
- Apply profiles to organizations
- Set up Knox Manage deployment with a Knox Suite license
- Manage Chromebooks
- Manage Android devices with the Android Management API
- Manage Shared iPads
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Knox Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- Features
- FAQ
- KBAs
- Knox E-FOTA
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox E-FOTA On-Premises
- Legacy Knox E-FOTA products
- Knox Guard
- Introduction
- How-to video
- Get started
- Using Knox Guard
- Dashboard
- Manage devices
- Device management
- Accept or reject devices
- Upload devices
- Delete devices
- Complete device management
- Send notifications
- Enable or disable SIM control
- Download devices as CSV
- View device log
- View device deletion log
- Start and stop blinking reminder
- Lock and unlock devices
- Update lock message
- Send relock timestamp
- Turn on/off relock reminder
- Manage policies
- Manage licenses
- Manage resellers
- Manage admins and roles
- Activity log
- Knox Deployment App
- Release notes
- FAQ
- KBAs
- Support
- Open API reference
- Samsung Care+ for Business
- For Knox Partners
- Knox Deployment Program
- Knox MSP Program
Add a directory server in the Admin Portal to synchronize corporate user information by integrating the corporate directory server.
To add a directory server, complete the following steps:
- Navigate to Advanced > Directory Integration > Directory Pool.
- On the Directory Pool page, click Add.
- On the Add Directory Pool page, enter the following information:
- Directory Pool Name—Enter a name for the pool that is up to 20 characters and that consists of letters, numbers, or special characters (only dashes and underscores are allowed) to distinguish it from other directory services.
- Encryption Type—Select one of the following encryption types for the internet communication protocol used for communication with the directory server.
- None—No encryption
- TLS—Transport Layer Security
- Auth Type—Select one of the following authentication types used for communication with the directory server.
- None—no encryption
- Simple—Select this option if you are not certain about the authentication type.
- DIGEST-MD5 (SASL), CRAM-MD5 (SASL) , or GSSAPI (Kerberos)—If you select one of these authentication types, configure the additional advanced settings on the Authentication Detailed Setting tab as follows:
- SASL Realm—Enter the realm value
of the SASL server in the relevant domain’s format, such as
sample.com. - Quality of Protection—Select one
of the following qualities of the data protection options.
- Authentication only—Protects the data only for authentication.
- Authentication with integrity—Ensures the integrity of all the data exchanged, including authentication data.
- Authentication with integrity and privacy—Ensures integrity for all the data exchanges, including authentications through data encryption.
- Protection Strength—Select one of
the data protection levels.
- High—Use 128-bit encryption.
- Medium—Use 56-bit encryption.
- Low—Use 40-bit encryption.
- Mutual authentication—Click the check box to ensure data validity by inserting the key into the data exchanged between the client and server.
- Kerberos Credential Configuration—Select one of the following methods for obtaining a Kerberos ticket.
- Use native TGT—Select this option if you have already issued a ticket in the Admin Portal.
- Obtain TGT from KDC—Issue a new ticket using the default user ID and password.
- Kerberos Configuration—Select one
of the following methods for configuring the Kerberos server.
- Use native system configuration—Use the Kerberos server information defined in the Java Property.
- Use following configuration—Enter the following Kerberos server information manually.
- Kerberos Realm—Enter the realm of the Kerberos server.
- KDC Host—Enter the Kerberos Key Distribution Center (KDC) host or the IP address.
- KDC Port—Enter the KDC port number.
- IP/Host—Enter the IP or host address of the directory address. Enter the TCP port number to use for communication with the directory server. 389 is the default port number used for unencrypted communication with the directory server.
- User ID—Enter the user ID (administrator account) that can access the directory server and read it. You can enter this information in various forms, such as
domain\administrator ID,administrator ID@domain or CN=administrator ID,CN=Users,DC=domain,DC=com. - Password—Enter the password associated with this user ID.
- Max Active Limit—Select the maximum number of active connections available from 10 to 50.
- Max Idle Limit—Select the maximum number of idle connections available from 0 to 30.
- Description—Enter a description of the directory server.
- Click Test Connection to test suitability with the entered information of the directory server, and then click Save to add the directory server.
NOTE—Knox Manage provides a secure channel between the directory server and the Knox Manage server through Cloud Connector. If you select the authentication type as GSSAPI (Kerberos), Cloud Connector cannot be used. For more information about Cloud Connector, see Using Cloud Connector.
|
Authentication type |
Description |
|---|---|
|
DIGESTMD5 (SASL) and CRAMMD5 (SASL) |
Enter the following information for configuring the settings for Simple Authentication and security layer (SASL), which is a telnet-based protocol. |
|
GSSAPI (Kerberos) |
Enter the following information for GSSAPI (Kerberos) authentication. |
