Android Management API device enrollment quickstart

Knox Manage supports the following management modes on Android Management API devices:

• Work profile
• Fully managed

You must use the Android Device Policy app to enroll devices and to deploy and manage Android Management API policies on the devices.

For app management, Android Management API makes exclusive use of Managed Google Play. Fully-managed devices enrolled with Android Management API can only install private apps.

You can enroll Android Management API devices with the following provisioning strategies:

• User-based
• Userless

User-based enrollment with Android Management API

A user-based device is associated with a specific user account, and requires the device user to authenticate with their Knox Manage account during the enrollment flow. By default, this strategy uses a QR code to initiate the enrollment flow, but you can also make use of enrollment providers like Knox Mobile Enrollment and Zero-touch.

To enroll a user-based device using a QR code:

Step 1 — Prepare the device for enrollment

1. Factory reset and power off the device.
2. On the Knox Manage console, go to User.
3. Select the user, then click Request Enrollment. An enrollment email with the QR code is sent to the user.

Step 2 — The device user enrolls the device

1. Power on the device.
2. At the welcome screen, tap the screen six times. The QR code reader app automatically installs and launches.
3. Using another device to display the enrollment email, scan the QR code with the device.
4. On the Agree to Terms and Conditions screen, read and acknowledge the terms and conditions. If you agree, the sign-in screen opens with a Samsung Knox Manage logo.
5. Sign in with the user account credentials.

Userless enrollment with Android Management API

A userless device isn’t associated with a single user account — instead, it’s a shared device operated by multiple users or used in multiple enterprise contexts. It supports multiple user accounts, and applies user profiles and settings at the start of their session.

You can enroll a userless device using Knox Mobile Enrollment, Zero-touch enrollment, or by issuing an enrollment token generated by the Knox Manage console.

To enroll a userless device using an enrollment token:

Step 1 — Prepare the device for enrollment

• Factory reset and power off the device.

Step 2 — Generate token and QR code

1. On the Knox Manage console, go to Device Enrollment > Android/Wear OS Token.

2. Click Add to open the Add Token page, and specify the Name, Device Group, and Expiration Period of the token. You can select expiration periods ranging from 1 Day to Unlimited.

3. Back on the Android/Wear OS Token page, click the name of the new token to view its details.

4. Click Download QR Code as PDF and save the file to your file system.

5. Open the PDF.

Step 3 — Enroll the device

1. Power on the device.
2. At the welcome screen, tap the screen six times. The QR code reader app automatically installs and launches.
3. Scan the QR code from the open PDF file displayed on your other system.
4. On the Agree to Terms and Conditions screen, read and acknowledge the terms and conditions. If you agree, the sign-in screen opens with a Samsung Knox Manage logo.

The device is enrolled and awaiting the start of a user session. Device users can now sign in with their user account credentials.