Connection overview

Last updated April 3rd, 2024

You can connect Knox Manage to various third-party directory and identity provider services that manage enterprise employee authentication and employee information, such as user IDs. This enables sync of required information between Knox Manage and the enterprise directories, and also helps authenticate users when they sign in to enrolled devices.

Depending on your enterprise’s directory services and the user types defined by your identity providers, you can configure various settings for sync and authentication. The following table provides information about the directory integrations supported by Knox Manage.

| Connection type | Supported sync | Supported protocol | Support for MFA | Description |
| --- | --- | --- | --- | --- |
| Knox Manage server | N/A | N/A | N/A | Click User in the Knox Manage console and manually add users |
| On-premises AD | User, Group, Organization | (Sync) LDAP; (Auth) Kerberos | N/A | For user data sync, set LDAP server as On-prem AD. For details, see Connect to AD/LDAP. To sync Knox Manage data with the enterprise and cloud servers, Samsung provides a secure Cloud Connector data transfer channel. For details, see Using Cloud Connector. |
| Microsoft Entra Domain Service | User, Group, Organization | (Sync) LDAPS; (Auth) Kerberos | N/A | For user data sync, set LDAPS server as Microsoft Entra Domain Service. For details, see Connect to AD/LDAP. |
| Microsoft Entra ID | User, Group | (Sync) Microsoft Graph API; (Auth) OIDC | Yes | For user data sync and authorization, connect to Microsoft Entra ID by integrating with Microsoft Graph API. For details, see Connect to Microsoft Entra ID. |
| Okta | User, Group | (Sync) SCIM; (Auth) OIDC | Yes | For user sync, SCIM provisioning setting is required. For user authorization, OIDC authentication setting is required. For details, see Connect to Okta. |
| Ping Identity | User, Group | (Sync) SCIM; (Auth) OIDC | Yes | For user sync, SCIM provisioning setting is required. For user authorization, OIDC authentication setting is required. For details, see Connect to Ping Identity. |

Consider the following while setting up your integrations:

  • OIDC-based IDP direct authentication is newly supported in modern IDPs, such as Microsoft Entra ID, Okta, and Ping Identity.

    • Okta and Ping Identity require additional OIDC settings to support IDP direct authentication and MFA.

    • For Microsoft Entra ID, OIDC authentication is covered under the Microsoft Entra ID integration settings, and additional settings are not required.

  • Multi-factor authentication (MFA), supported in the modern IDPs Microsoft Entra ID, Okta, and Ping Identity, is configured directly on each IDP server. Knox Manage follows the MFA settings configured on the IDP server.
