List of environment settings
Last updated March 27th, 2025
On this tab
The environment settings by category are as follows. All options have default values and the values can be modified.
Preferences
Country/Time
| Setting | Description |
|---|---|
| Default Country Code | Select the country of your tenant. The country code and the corresponding language are used for user agreements, privacy policy, admin and user enrollment, and public app enrollment on devices. |
| Time Zone | Select the time zone of the Knox Manage server. Based on the time zone, the information on the Knox Manage console is displayed, tasks and events scheduled by admins are performed, and user and device statistics are collected. |
| Date Format | Set the date format to be applied to all screens that show dates, such as the Last Updated field. |
Logo
For more information about setting the logo, see Set the logo.
| Setting | Description |
|---|---|
| Logo Image | Click Select Image and upload the image file of your company logo. The image must be a GIF, JPG, PNG, or BMP file. The file can’t be larger than 190 x 33 and must be 1 MB or lower. Click Default to use the default image as your company logo. |
| Header Color | Click the color box and set a color for the header. |
| Header Font Color | Click the color box and set a color for the header text. |
| Preview | Preview the company logo. |
Authentication/Login
Configure the settings about the login environment and the admin account.
| Setting | Description |
|---|---|
| Two-Factor Authentication | Enable the use of OTP authentication as well as an account ID and password when admins sign in to the Knox Manage console. For OTP authentication, the admin's mobile phone number or email address is required. |
| Allow Multi-point Logins | Allow concurrent sign-ins on the Knox Manage console. |
| Action When Admin Login Fails |
Select the response of the Knox Manage server when there are successive failed login attempts.
|
| Maximum Failed Login Attempts |
Enter the maximum number of failed sign-in attempts. When users exceed the maximum, their accounts are locked. You can enter a value from 3 to 10. |
| Inactivity Limit on Admin Accounts (days) |
Enter an inactivity limit for admin accounts. If sub-admins or read-only admins don't sign in for longer than the limit you set, their accounts are locked. To unlock their accounts, they must ask the super admin. You can enter a value from 10 to 9999. |
| Maximum Session Timeout (min) |
Enter the maximum session time limit for the Knox Manage console. If the limit is exceeded, you are signed out automatically. You can enter a value from 1 to 60. |
Device
Device
Configure the device management settings.
| Setting | Description |
|---|---|
| Update the KM Agent for Android |
Specify the method for updating the Knox Manage Agent on Android devices. You can choose from the following options:
Even if this option is set to Manual or User consent, if the Auto Update Apps on Android Enterprise setting is set to Always auto update, then the Knox Manage agent is automatically updated. |
| Based on Last Seen (time) |
Enter the standard time gap for connection of the device and server. This standard is used for displaying information in the Last Seen column of the device list in the Device menu.
The value is entered in hours. |
| Limited Enrollment | Enable enrollment of mobile devices using their IMEI or serial numbers. |
| Limited Enrollment for KME Devices | Enable enrollment of KME devices using their IMEI or serial numbers. Only devices registered through Knox Mobile Enrollment can be enrolled in Knox Manage. Devices cannot be enrolled in Knox Manage through manual registration or the Zero Touch method. |
| Device Location View Period (days) |
Enter the number of days to store location data (defaults to 30 days; minimum: 5 days; maximum: 180 days). You will only be able to view device locations from within your specified timeframe – for example, if you enter 45, you can view device locations over the previous 45 days (including the day of your query). |
| Maximum Number of Active Devices per User | Select the number of devices that can be enrolled per user. |
| APNs Topic for iOS |
When you register an APNs certificate on the console, this value is automatically entered. If the value is different from the value in the Current Subject Name field in Setting > iOS > APNs Setting:
|
| Daily retries for device commands in queue |
Select how many notifications you will receive per day to send device commands which are sent but not applied successfully.
Unapplied device commands are listed in History > Device Command in Request. |
| Camera Option from Lock Screen for iOS | Enable the camera feature on iOS devices when the device screen is locked. |
| User Enrollment for iOS | Enable enrollment of personally-owned Apple devices. For more details about this type of enrollment, see Apple User Enrollment quickstart. |
| Delete App upon Unenrollment | Uninstall apps from a device to when the device is unenrolled. The deletion targets are internal apps for Android devices and all apps installed through Knox Manage for iOS devices. |
| Delete Content upon Unassignment |
For target devices that content sensitive or confidential date that is compromised if the device is unenrolled or unassigned, IT admins can use this option to automatically delete content upon unassignment. Content can be unassigned from a device in the following ways:
|
| Notification that policy is not applied | Enable sending a notification to the device when no profile is applied to a group or organization. When the user turns off the alarm in the device's setting menu, notifications on whether the profile is applied do not show. |
| Direct boot command polling interval for Android (min) |
Set the polling cycle to send the Knox Manage command for Android devices. If the polling interval is 0, polling will not be performed. However, polling is executed once after the Knox Manage Agent is started. |
Inventory Schedule
Configure the interval to collect the device inventory by platform.
| Setting | Description |
|---|---|
| Inventory Collection Interval for Android (hr) |
Enter the interval for collecting the inventory information for Android devices. You can enter a value from 4 to 24 or 0 (the device inventory is not collected). To set an interval for collecting the location data of Android devices, navigate to Profile. Click a profile name and click Modify Policy > Android Enterprise or Android (Legacy) > Location Settings > Device location collection. For more information, see Location (Android Enterprise) or Location (Android Legacy). |
| Inventory Collection Interval for iOS (hr) |
Enter the interval for collecting the inventory information for iOS devices. You can enter a value from 4 to 24 or 0 (the device inventory is not collected). |
| Inventory Collection Interval for Windows (hr) |
Enter the interval for collecting the inventory information for Windows devices. You can enter a value from 4 to 24 or 0 (the device inventory is not collected). |
App & Service Desk
Application
Configure app deletion.
| Setting | Description |
|---|---|
| Manage Deletion |
Select the area to delete apps from.
|
Knox Manage App Store
Configure the activation of the review feature in the Knox Manage agent’s app store.
| Setting | Description |
|---|---|
| Knox Manage App Store Review | Enable users to rate and write reviews for apps in the agent’s app store. |
Service Desk
Enter the service desk information displayed on devices.
| Setting | Description |
|---|---|
| Service Desk Email | Enter the service desk email address. |
| Service Desk Phone | Enter the service desk phone number. |
Content
Configure content settings.
| Setting | Description |
|---|---|
| Allowed File Extensions |
Lets you configure whether to allow or disallow uploading content files depending on the file extension. Available options are:
|
| > Allowlist | Only appears if you selected Allowed File Extensions > Allowlist. Lets you enter a list of file extensions you want to allow for content files. |
| > Denylist | Only appears if you selected Allowed File Extensions > Denylist. Lets you enter a list of file extensions you want to disallow for content files. |
Cloud Connector
Use the Secret Token when you install Samsung Cloud Connector client for a customer.
You can click Revoke to invalidate an existing secret token and click Generate to create a new one.
This document was updated for the Knox cloud services 25.04 UAT.
On this tab
The environment settings by category are as follows. All options have default values and the values can be modified.
Preferences
Country/Time
| Setting | Description |
|---|---|
| Default Country Code | Select the country of your tenant. The country code and the corresponding language are used for user agreements, privacy policy, admin and user enrollment, and public app enrollment on devices. |
| Time Zone | Select the time zone of the Knox Manage server. Based on the time zone, the information on the Knox Manage console is displayed, tasks and events scheduled by admins are performed, and user and device statistics are collected. |
| Date Format | Set the date format to be applied to all screens that show dates, such as the Last Updated field. |
Logo
For more information about setting the logo, see Set the logo.
| Setting | Description |
|---|---|
| Logo Image | Click Select Image and upload the image file of your company logo. The image must be a GIF, JPG, PNG, or BMP file. The file can’t be larger than 190 x 33 and must be 1 MB or lower. Click Default to use the default image as your company logo. |
| Header Color | Click the color box and set a color for the header. |
| Header Font Color | Click the color box and set a color for the header text. |
| Preview | Preview the company logo. |
Authentication/Login
Configure the settings about the login environment and the admin account.
| Setting | Description |
|---|---|
| Two-Factor Authentication | Enable the use of OTP authentication as well as an account ID and password when admins sign in to the Knox Manage console. For OTP authentication, the admin's mobile phone number or email address is required. |
| Allow Multi-point Logins | Allow concurrent sign-ins on the Knox Manage console. |
| Action When Admin Login Fails |
Select the response of the Knox Manage server when there are successive failed login attempts.
|
| Maximum Failed Login Attempts |
Enter the maximum number of failed sign-in attempts. When users exceed the maximum, their accounts are locked. You can enter a value from 3 to 10. |
| Inactivity Limit on Admin Accounts (days) |
Enter an inactivity limit for admin accounts. If sub-admins or read-only admins don't sign in for longer than the limit you set, their accounts are locked. To unlock their accounts, they must ask the super admin. You can enter a value from 10 to 9999. |
| Maximum Session Timeout (min) |
Enter the maximum session time limit for the Knox Manage console. If the limit is exceeded, you are signed out automatically. You can enter a value from 1 to 60. |
Device
Device
Configure the device management settings.
| Setting | Description |
|---|---|
| Update the KM Agent for Android |
Specify the method for updating the Knox Manage Agent on Android devices. You can choose from the following options:
Even if this option is set to Manual or User consent, if the Auto Update Apps on Android Enterprise setting is set to Always auto update, then the Knox Manage agent is automatically updated. |
| Based on Last Seen (time) |
Enter the standard time gap for connection of the device and server. This standard is used for displaying information in the Last Seen column of the device list in the Device menu.
The value is entered in hours. |
| Limited Enrollment | Enable enrollment of mobile devices using their IMEI or serial numbers. |
| Limited Enrollment for KME Devices | Enable enrollment of KME devices using their IMEI or serial numbers. Only devices registered through Knox Mobile Enrollment can be enrolled in Knox Manage. Devices cannot be enrolled in Knox Manage through manual registration or the Zero Touch method. |
| Device Location View Period (days) |
Enter the number of days to store location data (defaults to 30 days; minimum: 5 days; maximum: 180 days). You will only be able to view device locations from within your specified timeframe – for example, if you enter 45, you can view device locations over the previous 45 days (including the day of your query). |
| Maximum Number of Active Devices per User | Select the number of devices that can be enrolled per user. |
| APNs Topic for iOS |
When you register an APNs certificate on the console, this value is automatically entered. If the value is different from the value in the Current Subject Name field in Setting > iOS > APNs Setting:
|
| Daily retries for device commands in queue |
Select how many notifications you will receive per day to send device commands which are sent but not applied successfully.
Unapplied device commands are listed in History > Device Command in Request. |
| Camera Option from Lock Screen for iOS | Enable the camera feature on iOS devices when the device screen is locked. |
| User Enrollment for iOS | Enable enrollment of personally-owned Apple devices. For more details about this type of enrollment, see Apple User Enrollment quickstart. |
| Delete App upon Unenrollment | Uninstall apps from a device to when the device is unenrolled. The deletion targets are internal apps for Android devices and all apps installed through Knox Manage for iOS devices. |
| Delete Content upon Unassignment |
For target devices that content sensitive or confidential date that is compromised if the device is unenrolled or unassigned, IT admins can use this option to automatically delete content upon unassignment. Content can be unassigned from a device in the following ways:
|
| Notification that policy is not applied | Enable sending a notification to the device when no profile is applied to a group or organization. When the user turns off the alarm in the device's setting menu, notifications on whether the profile is applied do not show. |
| Direct boot command polling interval for Android (min) |
Set the polling cycle to send the Knox Manage command for Android devices. If the polling interval is 0, polling will not be performed. However, polling is executed once after the Knox Manage Agent is started. |
Inventory Schedule
Configure the interval to collect the device inventory by platform.
| Setting | Description |
|---|---|
| Inventory Collection Interval for Android (hr) |
Enter the interval for collecting the inventory information for Android devices. You can enter a value from 4 to 24 or 0 (the device inventory is not collected). To set an interval for collecting the location data of Android devices, navigate to Profile. Click a profile name and click Modify Policy > Android Enterprise or Android (Legacy) > Location Settings > Device location collection. For more information, see Location (Android Enterprise) or Location (Android Legacy). |
| Inventory Collection Interval for iOS (hr) |
Enter the interval for collecting the inventory information for iOS devices. You can enter a value from 4 to 24 or 0 (the device inventory is not collected). |
| Inventory Collection Interval for Windows (hr) |
Enter the interval for collecting the inventory information for Windows devices. You can enter a value from 4 to 24 or 0 (the device inventory is not collected). |
App & Support
Application
Configure app deletion.
| Setting | Description |
|---|---|
| Manage Deletion |
Configures where you can delete apps from. Available options are:
Regardless of your selection, Android Management API apps are always deleted using the Console + Device option. Chrome OS apps are always deleted using the Console option. |
Knox Manage App Store
Configure the activation of the review feature in the Knox Manage agent’s app store.
| Setting | Description |
|---|---|
| Knox Manage App Store Review |
Allows device users to rate apps and write app reviews in the Knox Manage agent's app store. Options are:
|
Support
| Setting | Description |
|---|---|
| Email Address | Allows you to enter the Support email address, which is displayed in the Knox Manage agent's Support screen. |
| Phone Number | Allows you to enter the Support phone number, which is displayed in the Knox Manage agent's Support screen. |
Content
Configure content settings.
| Setting | Description |
|---|---|
| Allowed File Extensions |
Lets you configure whether to allow or disallow uploading content files depending on the file extension. Available options are:
|
| > Allowlist | Only appears if you selected Allowed File Extensions > Allowlist. Lets you enter a list of file extensions you want to allow for content files. |
| > Denylist | Only appears if you selected Allowed File Extensions > Denylist. Lets you enter a list of file extensions you want to disallow for content files. |
Cloud Connector
Use the Secret Token when you install Samsung Cloud Connector client for a customer.
You can click Revoke to invalidate an existing secret token and click Generate to create a new one.
Is this page helpful?
Thank you for your feedback!