If you configured device settings for a profile, then the settings can be applied automatically on the device without user action. If two or more values have been configured for the same category on a device, then the user must select a category and apply the settings manually, except for Wi-Fi settings. However, the bookmark settings cannot be applied automatically if the Installation area field is set to Shortcut.
Refer to the following table for an example:
|
Category |
Value |
Application type |
|---|---|---|
|
Wi-Fi |
A |
Auto application |
|
B |
||
|
VPN |
C |
|
|
Exchange |
D |
Manual application |
|
F |
Device settings can be applied automatically once Knox Manage is activated and the policies are applied. After the application is complete, you can see the results in a notification message.
Preparations
To apply configurations automatically, do the following:
- When using certificates and VPN settings in the Wi-Fi 802.1xEAP framework, install Credential Storage (CS) so that trusted certificates can be stored in advance. CS installation means locking the screen using an option more secure than a password.
- For the Knox VPN setting, install the Vendor Client in advance.
- For the Email and Exchange settings, install the Samsung Email application and agree to receive notifications from the Email application (Galaxy S8 or higher).
- For the Knox workspace, install the VPN Vendor Client in the general area.
Restrictions
In the following cases, manual intervention is still required even configurations are applied automatically.
- A Wi-Fi connection needs to be established in the device settings since devices cannot connect to a Wi-Fi AP automatically.
- To connect a tunnel after installing a VPN or Knox VPN, it must be enabled manually.
- If the user deletes the auto-applied configuration, the deleted configuration is automatically reapplied when the device is manually rebooted or restarted.
Categories of auto application
Configurations applied automatically can be categorized into Cases A, B, and C:
|
Category |
Description |
Application order |
|---|---|---|
|
Case A |
Settings that can be applied and updated immediately after Knox Manage is activated and policies are applied.
|
APN > Bookmark > Wi-Fi > Exchange > Email |
|
Case B |
Settings that can be applied or updated once a screen lock password is set and additional applications or certifications are installed.
|
Wi-Fi > VPN > Knox VPN |
|
Case C |
Settings that must be applied manually by the user from Knox Manage. |
|
The following table provides more information.
|
Settings category |
Android enrollment type |
Knox Workspace |
Type |
CS installation required |
Additional application installation required |
Automation category |
|---|---|---|---|---|---|---|
|
Wi-Fi |
Fully managed/Legacy |
G |
None |
X |
X |
Case A |
|
WEP |
X |
X |
Case A |
|||
|
WPA/WPA2-PSK |
X |
X |
Case A |
|||
|
802.1xEAP |
X |
X |
Case A (When a certificate is not in use) |
|||
|
Legacy |
O |
X |
Case B |
|||
|
Exchange ActiveSync |
Legacy |
G/K |
N/A |
X |
O |
Case A Case B (When a certificate is in use) |
|
|
Legacy |
G/K |
N/A |
X |
O |
Case A |
|
Certificate |
Legacy |
G |
N/A |
O |
X |
Case B |
|
APN |
Legacy |
G |
N/A |
X |
X |
Case A |
|
Bookmark |
Fully managed |
G |
N/A |
X |
X |
Case C |
|
Legacy |
G/K |
N/A |
X |
X |
Case A |
|
|
VPN |
Legacy |
G |
PPTP |
O |
X |
Case B |
|
G |
P2TP/IPSec PSK |
O |
X |
Case B |
||
|
G |
P2TP/IPSec RSA |
O |
X |
Case B |
||
|
G |
IPSec Xauth PSK |
O |
X |
Case B |
||
|
G |
IPS ec Xauth RSA |
O |
X |
Case B |
||
|
G |
IPSe c Hybrid RSA |
O |
X |
Case B |
||
|
Knox VPN |
Legacy |
G/K |
Cisco |
X |
O |
Case C |
|
G/K |
Android VPN Management for Knox |
O |
O |
Case C |
||
|
K |
F5 |
X |
O |
Case B |
||
|
K |
Juniper |
X |
O |
Case B (When a certificate is not in use, auto application is not supported.) |
||
|
K |
NCP engineering GmbH |
X |
O |
Case B |
||
|
K |
Mocana |
X |
O |
Case C |
||
|
SSO |
Legacy |
G/K |
N/A |
X |
O |
Case C |
