Connection overview

Last updated February 5th, 2024

You can connect Knox Manage to various third-party directory and identity provider services that manage enterprise employee authentication and employee information, such as user IDs. This enables sync of required information between Knox Manage and the enterprise directories, and also helps authenticate users when they sign in to enrolled devices.

Depending on your enterprise’s directory services and the user types defined by your identity providers, you can configure various settings for sync and authentication. The following table provides information about the directory integrations supported by Knox Manage.

| Connection type | Supported sync | Supported protocol | Support for MFA | Description |
|---|---|---|---|---|
| Knox Manage server | N/A | N/A | N/A | Click User in the Knox Manage console and manually add users. |
| On-premises AD | User; Group; Organization | (Sync) LDAP; (Auth) Kerberos | N/A | For user data sync, set LDAP server as On-prem AD. For details, see Connect to AD/LDAP. To sync Knox Manage data with the enterprise and cloud servers, Samsung provides a secure Cloud Connector data transfer channel. For details, see Using Cloud Connector. |
| Azure AD Domain Service | User; Group; Organization | (Sync) LDAP; (Auth) Kerberos | N/A | For user data sync, set LDAP server as Azure AD Domain Service. For details, see Connect to AD/LDAP. |
| Azure AD | User; Group | (Sync) Microsoft Graph API; (Auth) OIDC | Yes | For user data sync and authorization, connect to Azure AD by integrating with Microsoft Graph API. For details, see Connect to Azure AD. |
| Okta | User; Group | (Sync) SCIM; (Auth) OIDC | Yes | For user sync, SCIM provisioning setting is required. For user authorization, OIDC authentication setting is required. For details, see Connect to Okta. |
| Ping Identity | User; Group | (Sync) SCIM; (Auth) OIDC | Yes | For user sync, SCIM provisioning setting is required. For user authorization, OIDC authentication setting is required. For details, see Connect to Ping Identity. |

Consider the following while setting up your integrations:

  • OIDC-based IDP direct authentication is newly supported in modern IDPs, such as Azure AD, Okta, and Ping Identity.

    • Okta and Ping Identity require additional OIDC settings to support IDP direct authentication and MFA.

    • For Azure AD, OIDC authentication is covered under the Azure AD integration settings, and additional settings are not required.

  • Multi-factor authentication (MFA), supported in the modern IDPs Azure AD, Okta, and Ping Identity, is set directly in each IDP server. Knox Manage follows the MFA set in the IDP server.

    Note

    On Android, only fully managed devices support MFA. Support for Android devices with a work profile is in active development.
