
Connect to Azure AD

Last updated January 2nd, 2024

Knox Manage can integrate with the Microsoft Graph API for the purposes of connecting your Azure AD services to Knox Manage. This integration is powered by the cloud-based Knox Manage MDM app on the Azure portal.

When configured and connected, the user and group information in your Azure tenant is made available to Knox Manage, similar to how connections deliver directory data through the LDAP protocol. Syncing organizations isn’t currently supported.

Important

In order to enroll Windows devices using methods based on Azure AD, consisting of Azure AD Registered, Azure AD Joined, Windows Out of Box Experience, and Windows Autopilot, you must connect your Knox Manage tenant to your Azure tenant through the Microsoft Graph API. For detailed information about these enrollment methods, see Enroll a Windows device with Entra ID.

Only one Azure AD service is allowed per Knox Manage tenant, so you can’t concurrently sync Azure AD through both the Microsoft Graph API and the LDAP protocol.

Connect your Knox Manage tenant to Azure AD through Microsoft Graph API

Important

  • Follow this procedure only if you are integrating the Azure AD service through the cloud-based app after the Knox Manage 22.08 release.

  • If you already integrated the Azure AD service through the on-premises app before the Knox Manage 22.08 release, skip to the Migrate Azure AD sync through an on-premises app to a cloud-based app section instead.

To connect Knox Manage with Azure AD through the Microsoft Graph API:

  1. On the Azure portal, go to Azure Active Directory > Mobility (MDM and MAM) > Add Application. The Add an application page opens.

  2. Find and click Samsung Knox Manage.

  3. Click Add to confirm. The app appears in the list of apps back on the Mobility (MDM and MAM) page.

  4. Go to the Overview page.

  5. In the Basic information section, copy your Tenant ID.

  6. On the Knox Manage console, go to Setting > Identity & Directory > Connection.

  7. Click Add.

  8. On the Add Connection page, enter the basic information about the connection.

    1. Connection Type — Select Azure AD (Graph API) as a directory type to connect.

    2. Connection Name — Enter a name of up to 25 characters consisting of letters, numbers, and the special characters - and _ only. This name distinguishes each connection and is also shown when you select a connection on the User and Group pages.

    3. Target — Select sync targets for your Azure AD integration:

      • User — Select this option to allow integration at the user level.

      • Group — Select this option to allow integration by groups. Selecting Group automatically selects User as well.

    4. Scheduler — Select Use if you want to schedule automatic syncs. In the Schedule tab under it, fill in the details of the sync schedule:

      Field                 Description
      Time Zone             Click the drop-down menu and select the time zone to use for the automatic synchronization. You can change the default in Setting > Configuration > Basic Configuration.
      Sync Interval         Click the drop-down menu and select a connection interval from Once, Hourly, Daily, Weekly, Monthly, or Advanced Settings. If you select Advanced Settings, set a regular interval in month, week, day, or hour format using cron expressions, following the examples given on the screen.
      Time                  Set the start time for the connection.
      Start Date            Set the start date for the connection.
      Target of Scheduler   Select the check box next to User or Group to choose the information the scheduled connection retrieves from the directory.
    5. Click the Server tab and, under Azure AD Integration Setting, enter the Azure AD server information required for the integration.

    6. Paste your Azure tenant ID into the Directory ID field.

    7. Click Verify. After a few moments, a notification displays that your connection has been requested. Your Azure AD information shows at the top of the page.

    8. Click Save and Sync.
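The following is an added illustration, not Knox Manage code and not part of the original page. It checks the Add Connection inputs against the rules stated above (the Connection Name character set and length, the Tenant ID pasted into Directory ID being a GUID, and Group implying User as a sync target) and then shows what a user-and-group sync drawn from Microsoft Graph looks like, using a constructed payload in the shape of Graph v1.0 `/users`, `/groups` and `/groups/{id}/members` responses. How Knox Manage queries Graph is not documented on this page, so the payload, the `sync_directory` function and its decision to skip nested-group members are assumptions; organizations are deliberately never produced, matching the note that syncing organizations isn't supported.

```python
import re
import uuid

# Connection Name rule from the page: up to 25 characters, letters, digits,
# '-' and '_' only.
CONNECTION_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,25}$")


def valid_connection_name(name: str) -> bool:
    """True when the name satisfies the Connection Name rule."""
    return CONNECTION_NAME_RE.fullmatch(name) is not None


def valid_tenant_id(tenant_id: str) -> bool:
    """Azure tenant IDs are GUIDs; reject anything else before it reaches Directory ID."""
    try:
        # Normalised form must equal the input, so braces/URN variants are rejected too.
        return str(uuid.UUID(tenant_id)) == tenant_id.lower()
    except ValueError:
        return False


def effective_targets(user: bool, group: bool) -> set:
    """Selecting Group automatically selects User as well (page rule)."""
    targets = set()
    if group:
        targets.update({"User", "Group"})
    elif user:
        targets.add("User")
    return targets


# Constructed sample (assumption) in the shape of Microsoft Graph v1.0 responses.
SAMPLE_GRAPH = {
    "users": {"value": [
        {"id": "u-1", "displayName": "Alice Example", "userPrincipalName": "alice@contoso.example"},
        {"id": "u-2", "displayName": "Bob Example", "userPrincipalName": "bob@contoso.example"},
    ]},
    "groups": {"value": [
        {"id": "g-1", "displayName": "Field Devices"},
    ]},
    # Keyed by group id: the members collection of that group.
    "members": {
        "g-1": {"value": [
            {"@odata.type": "#microsoft.graph.user", "id": "u-1", "userPrincipalName": "alice@contoso.example"},
            {"@odata.type": "#microsoft.graph.group", "id": "g-9", "displayName": "Nested"},
        ]},
    },
}


def sync_directory(graph: dict, targets: set) -> dict:
    """Build the user/group view the MDM would receive for the chosen targets.

    Assumptions: only direct user members of a group are kept (nested groups are
    skipped), and organizations are never synced.
    """
    result = {"users": {}, "groups": {}}
    if "User" in targets:
        for u in graph["users"]["value"]:
            result["users"][u["id"]] = u["userPrincipalName"]
    if "Group" in targets:
        for g in graph["groups"]["value"]:
            members = graph["members"].get(g["id"], {"value": []})["value"]
            user_members = [m["id"] for m in members
                            if m.get("@odata.type") == "#microsoft.graph.user"]
            result["groups"][g["id"]] = {"name": g["displayName"], "members": user_members}
    return result


if __name__ == "__main__":
    assert valid_connection_name("azure-ad_01")
    assert valid_tenant_id("12345678-1234-1234-1234-123456789abc")
    view = sync_directory(SAMPLE_GRAPH, effective_targets(user=False, group=True))
    print(view)
```

Running the block validates a sample name and tenant ID, then prints the users and the group with only its direct user member, which is the same information a scheduled or manual sync makes visible on the User and Group pages.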

Migrate Azure AD sync through an on-premises app to a cloud-based app

Prior to Knox Manage 22.08, released on August 17, 2022, the Azure AD integration with Knox Manage was accomplished using an on-premises technology stack. This older method of integration is no longer supported. If you connected your Azure tenant to your Knox Manage tenant prior to Knox Manage 22.08, you must migrate to the cloud-based integration to continue syncing your Active Directory information.

To migrate to Azure AD Integration from an on-premises app to a cloud-based app:

  1. On the Azure portal, go to Azure Active Directory > Mobility (MDM and MAM) > Add Application. The Add an application page opens.

  2. Find and click Samsung Knox Manage.

  3. Click Add to confirm. The app appears in the list of apps back on the Mobility (MDM and MAM) page.

  4. On the Knox Manage console, go to Setting > Identity & Directory > Connection > Connection Details > Server field, and click Switch to MDM Application.

Connection Details page
