Back to top
Home / Knox Mobile Enrollment / How-to guides /

Use the Knox Deployment App

Last updated March 19th, 2024

The Knox Deployment App is a mobile application available from Google Play that is uniquely designed to help streamline the enterprise deployment of Samsung phones and tablets running Knox 2.8 or higher.

About the Knox Deployment App

The Knox Deployment App allows you to enroll devices without a reseller, one device at a time. This app simplifies device enrollment by allowing you to use a primary device to enroll a secondary device, without factory resetting it. Once enrolled, you can easily locate the devices within your console. You can also test other Knox cloud services prior to contacting your reseller for bulk device upload.

Using the Knox Deployment App doesn’t apply the profile to the admin or primary device. It only broadcasts the profile to devices that are in close physical proximity to the primary device. Hence, only devices within physical proximity of the admin or primary device — with the Knox Deployment App installed — can enroll. Furthermore, device users using a personal Samsung account for other services such as Samsung Health, SmartThings, among others, won’t be able to sign in to the Knox Deployment App on the same device with their enterprise account. They’ll need to sign out of their personal account first.

The Knox Deployment App supports the following ways of enrolling devices:

  • Bluetooth enrollment — To support Bluetooth-based enrollments, you can install the Knox Deployment App on a dedicated admin/primary smartphone or tablet device, and select existing profiles. If the user’s device is within proximity of the primary device, the user device connects to the admin device wirelessly via Bluetooth without a PIN or password requirement. For more information, go to Bluetooth deployment.

  • Wi-Fi Direct enrollment — Wi-Fi Direct supported devices can connect directly to each other through a WLAN, without joining a traditional wireless network or Wi-Fi hotspot. Once enabled, the device automatically scans for other supported Wi-Fi direct devices. Once discovered, specific devices can be selected for enrollment data transfer. For more information, go to Wi-Fi Direct deployment.

Prerequisites

  1. You must create a Samsung Knox account and ensure:

    • Your device supports Bluetooth or Wi-Fi Direct.

    • You have at least one profile configured in your Samsung Knox account.

  2. Samsung devices that run Samsung Knox. Currently, the Knox Deployment App doesn’t support the enrollment of Samsung devices without Samsung Knox. See the list of supported devices to determine compatibility.

  3. Get the appropriate licenses to enroll devices through the Knox Admin Portal. Knox Mobile Enrollment doesn’t require a license. Knox Configure and Knox Guard require a license.

  4. Install the Knox Deployment App on an admin or primary device, and sign in using your Samsung Knox credentials.

  5. Select a profile on the primary device to apply to the devices.

  6. Ensure that the device you are enrolling hasn’t already been uploaded to a Knox cloud service.

    • The Knox Deployment App is only designed for use with one Knox cloud service at a time. Devices already enrolled via the Knox Deployment App can then be reassigned or updated through the KCS console it was uploaded to.

    • To avoid issues with the Knox Deployment App enrollment, unenroll your device from any Knox cloud services it is enrolled in prior to using the Knox Deployment App for enrollment. See the FAQ about the Knox Deployment App being enrolled to only one Knox cloud service for more information.

  7. Enable mandatory two-factor authentication.

Using the Knox Deployment App

To get started with using the Knox Deployment App, you must:

  1. Tap Sign in once the Knox Deployment App launches on the device.

    If the Knox Deployment App is already running on the device, the initial screen isn’t displayed, and the application displays the sign-in screen.

  2. Enter your Knox Admin Portal username and password. Note that you’ll have to set up two-factor authentication. For more information, see the two-step verification FAQs.

Once you have successfully signed in to the Knox Deployment App, the Welcome screen displays options for selecting a profile and a deployment mode.

Profile selection

You can select a profile to use within the Knox Deployment App. To select a configuration profile:

  1. Select Tap here to select a profile from the Welcome screen to display a list of profiles.

  2. (Optional) Filter profiles if you’d like to see only the profiles that are associated either with Knox Mobile Enrollment or Knox Configure. Additionally, you can interact with these profiles, as follows:

    • The most recently added profiles are displayed first within their respective categories.

    • Each listed profile briefly describes its relevance to a particular device enrollment option, based on the Knox Development App.

    • If needed, tap the Search icon to search existing profiles. Note that this search function locates only filtered profiles.

    • If no profiles are available, create a profile on the Knox Admin Portal.

  3. Select a listed profile. Once selected, this profile is displayed upon subsequent logins.

The profile is now ready for Bluetooth or Wi-Fi Direct deployment.

Bluetooth deployment

bluetooth enrollment

To enroll and deploy devices through bluetooth:

  1. Navigate to the Select deployment mode screen and select Bluetooth as the device deployment mode.

  2. Set the Bluetooth duration to either 30 minutes, 1 hour, 3 hours, 5 hours, or 8 hours. Tap OK to save the update.

    • Bluetooth duration is the deployment activation period for device user devices after they receive the profile from your primary device. Once the set duration expires, devices can’t enroll with the Knox Deployment App, and the process must be repeated to continue the enrollment of other required devices.
    1. Tap Accept automatically to automatically accept pairing requests from enrolling devices. If selected, the pairing dialogue is displayed neither on the primary device nor the receiving device.
    2. The device must remain on for the entire Bluetooth duration.

  3. Boot the secondary device that you’re adding through the Knox Deployment App.

  4. Draw a plus-sign (+) gesture on the device’s Welcome screen to initiate the deployment. This step allows you to skip the Setup wizard.

    The device must be running Knox 3.2 or higher. Additionally, Wi-Fi credentials passed to the device are for WEP, WPA and WPA2 Wi-Fi security types.

  5. On the Knox Deployment App screen, tap Start deployment to initiate the Bluetooth duration interval you configured in step 2.

    1. As long as the Bluetooth duration is still active, and the app is running actively on the device, the device display won’t time out.
    2. Bluetooth and the device location must be turned on and must run actively on the device for successful deployment.

  6. The device user then taps Finish deployment to complete the enrollment.

Wi-Fi Direct deployment

wi-fi direct enrollment

Only out-of-box deployments are supported. These deployments use a plus sign (+) gesture on a device’s Welcome screen to start an out-of-box deployment and bypass the setup wizard.

To enroll and deploy devices using Wi-Fi Direct:

  1. From the admin primary device, navigate to the Select deployment mode screen and select Wi-Fi Direct as the device deployment mode.

  2. Once Wi-Fi Direct is selected as the deployment mode, specify whether the Wi-Fi Direct connection is automatic or manual:

    • Accept manually — Requires a device user to enter a system-generated PIN every time a connection is requested from an enrolling device. This is the default setting.

    • Accept automatically — Automatically accept connection requests from enrolling devices.

Accept connection requests manually

To establish a manual Wi-Fi Direct connection:

A Wi-Fi Direct manual connection requires a PIN be entered correctly before the expiration of a timer.

  1. Tap Accept manually from the Select Wi-Fi Direct screen when prompted.

  2. Note the displayed PIN needed to proceed with the manual Wi-Fi Direct connection.

  3. Tap Connect before the countdown expires. An Accept sharing request dialog prompts you to enter the required PIN before the countdown timer expires.

  4. Enter the PIN and tap Accept. This enables the listed primary/admin device to share enrollment information via the newly established Wi-Fi Direct connection.

  5. Tap Finish deployment on the admin or primary device to finish enrollment.

Accept connection requests automatically

To establish an automatic Wi-Fi Direct connection:

  1. Tap Accept automatically from the Select Wi-Fi Direct screen when prompted.

  2. Tap Connect before the countdown expires to initiate a Wi-Fi Direct connection with the primary or admin device. This enables the listed device to share enrollment information via the newly established Wi-Fi Direct connection.

  3. Tap Finish deployment on the primary or admin device to finish enrollment.

On this page

Is this page helpful?