- Basics
- About Knox
- Knox licenses
- Knox white paper
- Sign up for Samsung Knox
- Latest release notes
- General Knox FAQ
- General Knox KBAs
- Submit a support ticket
- User Acceptance Testing
- For IT admins
- Knox Admin Portal
- Knox Suite
- Knox Platform for Enterprise
- Introduction
- How-to videos
- Before you begin
- Get started with UEMs
- Introduction
- Blackberry UEM
- Citrix Endpoint Management
- FAMOC
- IBM MaaS360
- Microsoft Intune
- MobileIron Cloud
- MobileIron Core
- Samsung Knox Manage
- SOTI MobiControl
- VMware Workspace ONE UEM
- Knox Service Plugin
- Release notes
- Migrate to Android 11
- FAQs
- Troubleshoot
- KBAs
- Knox Mobile Enrollment
- Knox Configure
- Mobile
- Wearables
- Shared Device
- FAQ
- KBAs
- Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- Getting started with Knox Capture
- Step 1: Launch Knox Capture
- Step 2: Create a scanning profile
- Step 3: Select apps and activities
- Step 4: Configure the scanner
- Step 5: Set keystroke output rules
- Step 6: Test apps in your configuration
- Step 7: Share your configuration
- Step 8: Deploy Knox Capture in Managed mode
- End users: Get started
- Features
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox Asset Intelligence
- Knox Manage
- Introduction
- How-to videos
- Get started
- Video: Getting started with Knox Manage
- Integration with Managed Service Provider
- Access Knox Manage
- Configure basic environments
- Create user accounts
- Create groups
- Create organization
- Set up devices and profiles
- Create a new profile
- Assign profiles to groups and organizations
- Enroll devices
- Shared Android device quickstart
- Non-shared Android device enrollment quickstart
- Android Management API device enrollment quickstart
- Apple User Enrollment quickstart
- View device information
- Apply profiles to organizations
- Set up Knox Manage deployment with a Knox Suite license
- Manage Chromebooks
- Manage Android devices with the Android Management API
- Manage Shared iPads
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Knox Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- Features
- FAQ
- KBAs
- Knox E-FOTA
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox E-FOTA On-Premises
- Legacy Knox E-FOTA products
- Knox Guard
- Introduction
- How-to video
- Get started
- Using Knox Guard
- Dashboard
- Manage devices
- Device management
- Accept or reject devices
- Upload devices
- Delete devices
- Complete device management
- Send notifications
- Enable or disable SIM control
- Download devices as CSV
- View device log
- View device deletion log
- Start and stop blinking reminder
- Lock and unlock devices
- Update lock message
- Send relock timestamp
- Turn on/off relock reminder
- Manage policies
- Manage licenses
- Manage resellers
- Manage admins and roles
- Activity log
- Knox Deployment App
- Release notes
- FAQ
- KBAs
- Support
- Knox Guard REST API
- Samsung Care+ for Business
- For Knox Partners
- Knox Deployment Program
- Knox MSP Program
Sync user information with Azure AD through Microsoft Graph API
Knox Manage can integrate with the Microsoft Graph API for the purposes of connecting your Azure AD services to Knox Manage. This integration is powered by the cloud-based Knox Manage MDM app on the Azure portal.
When configured and connected, the user and group information in your Azure tenant is made available to Knox Manage, similar to how sync services deliver directory data through the LDAP protocol. Syncing organizations isn't currently supported.
IMPORTANT — In order to enroll Windows devices using methods based on Azure AD, consisting of Azure AD Registered, Azure AD Joined, Windows Out of Box Experience, and Windows Autopilot, you must connect your Knox Manage tenant to your Azure tenant through the Microsoft Graph API. For detailed information about these enrollment methods, see Enroll a Windows device with Azure AD.
Only one Azure AD service is allowed per Knox Manage tenant, so you can't concurrently sync Azure AD through both the Microsoft Graph API and the LDAP protocol.
Connect your Knox Manage tenant to Azure AD through Microsoft Graph API
IMPORTANT —
- Follow this procedure only if you are integrating the Azure AD service through the cloud-based app after the Knox Manage 22.08 release.
- If you already integrated the Azure AD service through the on-premises app before the Knox Manage 22.08 release, skip to the Migrate Azure AD sync through an on-premises app to a cloud-based app section instead.
To connect Knox Manage with Azure AD through the Microsoft Graph API:
- On the Azure portal, go to Azure Active Directory > Mobility (MDM and MAM) > Add Application. The Add an application page opens.
- Find and click Samsung Knox Manage.
- Click Add to confirm. The app appears in the list of apps back on the Mobility (MDM and MAM) page.
- Go to the Overview page.
- In the Basic information section, copy your Tenant ID.
- On the Knox Manage console, go to Advanced > Azure AD Integration.
- Paste your Azure tenant ID into the Directory ID field.
- Click Verify. After a few moments, your Azure AD information shows at the top of the page.
- Click Add for Sync Service Setting at the bottom of the page.
- Click Save and Sync after linking the Microsoft Graph API as a sync service.
Migrate Azure AD sync through an on-premises app to a cloud-based app
Prior to Knox Manage 22.08, released on August 17, 2022, the Azure AD integration with Knox Manage was accomplished using an on-premises technology stack. This older method of integration is no longer supported. If you connected your Azure tenant to your Knox Manage tenant prior to Knox Manage 22.08, you must migrate to the cloud-based integration to continue syncing your Active Directory information.
To migrate to Azure AD Integration from an on-premises app to a cloud-based app:
- On the Azure portal, go to Azure Active Directory > Mobility (MDM and MAM) > Add Application. The Add an application page opens
- Find and click Samsung Knox Manage.
- Click Add to confirm. The app appears in the list of apps back on the Mobility (MDM and MAM) page.
- On the Knox Manage console, go to Advanced > Azure AD Integration, then click Switch to MDM Application. If asked, follow the on-screen prompts to manually grant additional Microsoft Graph API permissions to Knox Manage.
