
Connect to Microsoft Entra ID

Last updated February 20th, 2025

Knox Manage integrates with the Microsoft Graph API, allowing you to connect your Microsoft Entra ID services to Knox Manage. This integration provides access to user and group information in your Microsoft Entra tenant.

When configured, this connection makes directory data available to Knox Manage, similar to LDAP connections. A single Microsoft Entra ID service is allowed per Knox Manage tenant, so you can’t concurrently sync Microsoft Entra ID through both the Microsoft Graph API and the LDAP protocol. Note that syncing organizations is not currently supported.

To integrate with the Microsoft Graph API for purposes such as enrolling Windows devices using methods based on Microsoft Entra ID (such as Microsoft Entra registered, Microsoft Entra joined, Windows Out of Box Experience, and Windows Autopilot), you must connect your Knox Manage tenant to your Microsoft Entra ID tenant. If you are integrating the Azure AD service through the cloud-based app, follow the step-by-step procedure in the Connect your Knox Manage tenant to Microsoft Entra ID through Microsoft Graph API section.

To enroll Windows devices using methods based on Microsoft Entra ID, you must connect your Knox Manage tenant to your Microsoft Entra ID tenant through the Microsoft Graph API. For detailed information about these enrollment methods, see Enroll a Windows device with Entra ID.

Non-gallery (on-premises) MDM app tokens expired in October 2024. If you previously integrated Microsoft Entra ID using a non-gallery MDM app, you must re-integrate using a gallery (cloud-based) MDM app. See Migrate Microsoft Entra ID sync through an on-premises app to a cloud-based app for details.

Connect your Knox Manage tenant to Microsoft Entra ID through Microsoft Graph API

To connect Knox Manage with Microsoft Entra ID through the Microsoft Graph API:

  1. On the Microsoft Entra portal, go to Microsoft Entra ID > Settings > Mobility (MDM and WIP) > Add Application. The Add an application page opens.

  2. Find and click Samsung Knox Manage.

  3. Click Add to confirm. The app appears in the list of apps back on the Mobility (MDM and WIP) page.

  4. Go to the Overview page.

  5. In the Basic information section, copy your Tenant ID.

  6. On the Knox Manage console, go to Setting > Identity & Directory > Connection.

  7. Click Add.

  8. On the Add Connection page, enter the basic information about the connection:

    1. Connection Type — Select Microsoft Entra ID (Graph API) as a directory type to connect.

    2. Connection Name — Enter the connection name. This name is used to distinguish each connection, and is also used when selecting a connection in User or Group.

      The connection name can be 1 to 25 characters long and can consist of letters, numbers, and special characters ("-" or "_" only).

    3. Target — Select sync targets for your Microsoft Entra ID integration:

      • User — Select this option to allow integration at the user level.

      • Group — Select this option to allow integration by groups. Selecting Group automatically selects User as well.

    4. Scheduler — Select Use if you want to schedule automatic syncs. In the Schedule tab under it, fill in the details of the sync schedule:

      • Time Zone — Click the drop-down menu and select the time zone to use for the automatic synchronization. You can change the default in Setting > Configuration > Basic Configuration.

      • Sync Interval — Click the drop-down menu and select a connection interval from Once, Hourly, Daily, Weekly, Monthly, or Advanced Settings. If you select Advanced Settings, set a regular interval in month, week, day, or hour format using cron expressions, following the examples given on the screen.

      • Time — Set the start time for the connection.

      • Start Date — Set the start date for the connection.

      • Target of Scheduler — Click the check box next to User or Group as the target information to retrieve from the directory through the scheduled connection.

    5. Click the Server tab and enter the Microsoft Entra ID server information required for integration in the Microsoft Entra ID Integration setting.

    6. Paste your Microsoft Entra tenant ID into the Directory ID field.

    7. Click Verify. After a few moments, a notification displays that your connection has been requested. Your Microsoft Entra ID information shows at the top of the page.

    8. Click Save and Sync.

Migrate Microsoft Entra ID sync through an on-premises app to a cloud-based app

Before Knox Manage 22.08 (released on August 17, 2022), Microsoft Entra ID integration with Knox Manage was done using a non-gallery (on-premises) MDM app. However, this older method of integration is no longer supported. If you connected your Azure tenant to your Knox Manage tenant prior to Knox Manage 22.08, you must migrate to the integration using a gallery (cloud-based) MDM app to continue syncing your Active Directory information.

To migrate Microsoft Entra ID integration from an on-premises app to a cloud-based app:

  1. On the Microsoft Entra portal, go to Azure Active Directory > Mobility (MDM and MAM) > Add Application. The Add an application page opens.

  2. Find and click Samsung Knox Manage.

  3. Click Add to confirm. The app appears in the list of apps on the Mobility (MDM and MAM) page.

  4. On the Knox Manage console, go to the Setting > Identity & Directory > Connection > Connection Details > Server field, and click Switch to Cloud Based MDM App.

Connection Details page
