Back to top
Home / Knox Manage / Configure / Identity & Directory /

Connect to Microsoft Entra ID

Last updated January 10th, 2025

Knox Manage can integrate with the Microsoft Graph API for the purposes of connecting your Microsoft Entra ID services (previously Azure AD) to Knox Manage. This integration is powered by the cloud-based Knox Manage MDM app on the Microsoft Entra portal.

When configured and connected, the user and group information in your Microsoft Entra tenant is made available to Knox Manage, similar to how connections deliver directory data through the LDAP protocol. Syncing organizations isn’t currently supported.

In order to enroll Windows devices using methods based on Microsoft Entra ID, such as Microsoft Entra registered, Microsoft Entra joined, Windows Out of Box Experience, and Windows Autopilot, you must connect your Knox Manage tenant to your Microsoft Entra ID tenant through the Microsoft Graph API. For detailed information about these enrollment methods, see Enroll a Windows device with Entra ID.

Only one Microsoft Entra ID service is allowed per Knox Manage tenant, so you can’t concurrently sync Microsoft Entra ID through both the Microsoft Graph API and the LDAP protocol.

Connect your Knox Manage tenant to Microsoft Entra ID through Microsoft Graph API

To connect Knox Manage with Microsoft Entra ID through the Microsoft Graph API:

  1. On the Microsoft Entra portal, go to Microsoft Entra ID > Settings > Mobility (MDM and WIP) > Add Application. The Add an application page opens.

  2. Find and click Samsung Knox Manage.

  3. Click Add to confirm. The app appears in the list of apps back on the Mobility (MDM and WIP) page.

  4. Go to the Overview page.

  5. In the Basic information section, copy your Tenant ID.

  6. On the Knox Manage console, go to Setting > Identity & Directory > Connection.

  7. Click Add.

  8. On the Add Connection page, enter information required for specifying the basic information about a connection.

    1. Connection Type — Select Microsoft Entra ID (Graph API) as a directory type to connect.

    2. Connection Name — Enter the connection name; up to 25 characters consisting of letters, numbers, and special characters (- or _ only). This name is used to distinguish each connection and also used when selecting connection in User, Group.

    3. Target — Select sync targets for your Microsoft Entra ID integration:

      • User — Select this option to allow integration at the user level.

      • Group — Select this option to allow integration by groups. Selecting Group automatically selects User as well.

    4. Scheduler — Select Use if you want to schedule automatic syncs. In the Schedule tab under it, fill in the details of the sync schedule:

      Field Description
      Time Zone Click the drop-down menu and select the time zone to use for the automatic synchronization. You can change the default in Setting > Configuration > Basic Configuration.
      Sync Interval Click the drop-down menu and select a connection interval from Once, Hourly, Daily, Weekly, Monthly, or Advanced Settings. If you select Advanced Settings, set a regular interval in month, week, day, or hour format using cron expressions, following the examples given on the screen.
      Time Set the start time for the connection.
      Start Date Set the start date for the connection.
      Target of Scheduler Click the check box next to User or Group as the target information to retrieve from the directory through the scheduled connection.

    5. Click the Server tab and enter information required for integration with Microsoft Entra ID server information using the Microsoft Entra ID Integration setting.

    6. Paste your Microsoft Entra tenant ID into the Directory ID field.

    7. Click Verify. After a few moments, a notification displays that your connection has been requested. Your Microsoft Entra ID information shows at the top of the page.

    1. Click Save and Sync.

Migrate Microsoft Entra ID sync through an on-premises app to a cloud-based app

Prior to Knox Manage 22.08, released on August 17, 2022, the Microsoft Entra ID integration with Knox Manage was accomplished using an on-premises technology stack. This older method of integration is no longer supported. If you connected your Azure tenant to your Knox Manage tenant prior to Knox Manage 22.08, you must migrate to the cloud-based integration to continue syncing your Active Directory information.

To migrate to Microsoft Entra ID integration from an on-premises app to a cloud-based app:

  1. On the Microsoft Entra portal, go to Azure Active Directory > Mobility (MDM and MAM) > Add Application. The Add an application page opens.

  2. Find and click Samsung Knox Manage.

  3. Click Add to confirm. The app appears in the list of apps back on the Mobility (MDM and MAM) page.

  4. On the Knox Manage console, go to Setting > Identity & Directory > Connection > Connection Details > Server field, and click Switch to Cloud Based MDM App.

Connection Details page

See also

On this page

Is this page helpful?