Enroll a single device

Send a Knox Manage application installation guide to users via email or SMS through the Knox Manage admin portal. Also, users can directly download the Knox Manage application and enroll their devices. For Android Enterprise (AE) devices, you can use a token or QR code to enroll the devices.

Enrolling general devices (Android Legacy, iOS and Windows)

Send a Knox Manage application installation guide to users via email or SMS through the Knox Manage admin portal. Also, users can directly download Knox Manage application from their public application stores.

1. Select one of the following methods to send the Knox Manage application installation guide to users.

• Sending the Email_Agent Installation template to send QR code via email, allowing users to install the Knox Manage application on their devices. For more information, see Send templates or user notifications to users using email.
• Sending the installation URL address or QR code via email or SMS. For more information, see Send enrollment guides to users using email and SMS.

Also, users can directly search for the Knox Manage agent application from their public app store and download it.

2. Install Knox Manage application by clicking the URL address or scanning the QR code depending on the request methods, and then launch the Knox Manage application on the device.

3. On the log in screen, enter a user ID and password to sign in to Knox Manage. If you log in to Knox Manage successfully, the profiles, policies and applications will be applied to the device.

Enrolling Android Enterprise (AE) devices

Knox Manage supports the following Android Enterprise (AE) manage types. Each manage type can be enrolled differently.

• Fully Managed type: This type allows you to control the whole corporate owned device using Knox Manage. To activate as a Fully Managed type, the device must be factory reset.
• Fully Managed with Work Profile type: This type, a combination of the Fully Managed and Work Profile types, allows you to control corporate owned devices. You can manage the device’s personal area by sending device commands while controlling business applications and data within the separate Work Profile. Users can install and use personal applications on their device’s personal area, and, in this case, Knox Manage cannot control applications installed in the personal area or their data.
• Work Profile type: This type allows you to control personal devices (BYOD). In this case, Knox Manage only manages the Work Profile, which is the work area separated from the personal area, on the device.

Enrolling as the Fully Managed type

Enroll Android Enterprise (AE) devices in the Fully Managed type to control the whole area of the device. The device should be factory reset in advance. Select one of the following methods.

Method	Supported version
Use a token (afw#KnoxManage). For more information, see Use a token below.	Android 6.0 (Marshmallow) or later
Use a QR code sent via Email. For more information see Use a QR code below.	Android 7.0 (Nougat) or later

Use a token

Enter the token (afw#KnoxManage) to enroll the Android Enterprise (AE) devices in the Fully Managed or Fully Manage with Work Profile type. If the token is applied successfully, the Knox Manage app will be automatically installed on the device.

To enroll using a token, complete the following steps:

1. Turn on the factory reset device, and then on the device screen, tap START.

2. On the “Connect to Wi-Fi” screen, select an available Wi-Fi network, and then tap NEXT.

3. On the “Agree to Terms and Conditions” screen, read the terms and conditions, and then tap the checkbox next to “I have read and agree to all of the above”. Then, tap Agree. The device will check for updates and the updated will be applied.

4. On the “Sign in” screen, enter “afw#KnoxManage” in the Email or phone field, and then tap Next.

5. On the “Android Enterprise” screen, tap Install to download the Knox Manage application on the device. The Knox Manage application will be downloaded and launched automatically.

6. On the “Set up your device” screen of the Knox Manage agent, read the privacy policy of Knox Manage and Google, and then tap Accept & continue. The Knox Manage application will launch automatically.

7. On the “Sign in with your Samsung Knox Manage Account” screen, enter a user ID and password, and then tap SIGN IN to sign in to Knox Manage. Depending on the profiles applied to the device, the device will be enrolled as the Fully Managed or Fully Managed with Work Profile type.

Use a QR code

Use a QR code sent via email to enroll the devices as the Fully Managed or Fully Managed with Work Profile type. For more information on sending a QR code, see Sending enrollment guides to users via email and SMS.

To enroll using a QR code, complete the following steps:

1. Turn on the factory reset device, and then, on the welcome screen, tap the screen 5 times to launch QR code enrollment. The QR Reader app will be downloaded and the device camera will launch to scan the QR code automatically.

2. Scan the QR code sent by email. The Knox Manage URL and tenant information included in the QR code will be detected.

3. On the “Connect to Wi-Fi” screen, select an available Wi-Fi network, and then tap NEXT.

4. On the “Agree to Terms and Conditions” screen, read the terms and conditions, and then tap the checkbox next to “I have read and agree to all of the above.” Then, tap Agree. The Knox Manage application will launch automatically.

5. On the “Sign in with your Samsung Knox Manage Account” screen, enter a user ID and password, and then tap SIGN IN to sign in to Knox Manage. Depending on the profiles applied to the device, the device will be enrolled as the Fully Managed or Fully Managed with Work Profile type.

Enrolling as the Fully Managed with Work Profile type

Enroll the Android Enterprise (AE) devices as the Fully Managed with Work Profile type to control the separate work and personal areas. The enrollment methods are the same as those for the Fully Managed type, but the applied profile should be set as Create Work Profile on Fully Managed. For more information, see Create a new profile.

NOTE

• For devices running Android 10 (Q) or higher, tap the enrollment notification on the status bar to install the Work Profile manually.
• KSP policies are not applicable to the Fully Managed with Work Profile type. For devices that are enrolled as the Fully Managed type with KSP policies applied, these policies can remain even after the device type changes to the Fully Managed with Work Profile type. It is recommended to remove them manually.

Method	Supported version
Use a token (afw#KnoxManage). For more information, see Use a token.	Android 6.0 (Marshmallow) or higher
Use a QR code sent via Email. For more information see Use a QR code.	Android 7.0 (Nougat) or higher

Enrolling as the Work Profile type

To enroll the Android Enterprise (AE) devices as the Work Profile type, provide an installation guide to the users to install the Knox Manage application on the devices. You can send an installation guide via email or SMS or users can download the Knox Manage application directly from their public app store.

To enroll AE devices as Work Profile devices, complete the following steps:

1. On the device screen, tap the installation URL address sent to users via email or SMS to download and install the Knox Manage application on the device.

   NOTE—You can also search for the Knox Manage application from the Google Play Store to download and install it on the AE device.

2. On the device, launch the Knox Manage application.

3. On the “Sign in with your Samsung Knox Manage Account” screen, enter a user ID and password, and then tap SIGN IN to sign in to Knox Manage.

   NOTE—For devices running Android 10 (Q) or higher, tap the enrollment notification on the status bar to install the Work Profile manually.

4. On the “Set up a work profile” screen, read the privacy policy of Knox Manage, and then tap Agree. The work applications with the briefcase badge icons, which can be managed by Knox Manage, will appear on the device.