Invite and manage admins
This topic describes how to invite and manage admins, as well as assign the required roles and permissions needed to complete an admin invitation. For an overview of role-based access control and how it impacts an administrator invitation, go to: Role-based access control.
Invite and manage admins
Only selected and approved IT admins can enroll devices on behalf of customers.
Invite IT admins from within the Knox Mobile Enrollment portal as needed, and assign them unique enrollment services and permissions.
- Select Administrator & Roles from the left-hand navigation menu. Ensure the ADMINISTRATORS tab is selected.
- Select INVITE ADMINISTRATOR from the upper, right-hand side of the screen.
- If a role is required to complete an administrator invitation, select the ROLES tab from the top of the Administrators & Roles screen, then select the CREATE ROLE button.
If creating a role for a pending administrator invitation, provide the required Role name and an optional Description. Refer to the Permissions portion of the screen and enable then select additional permissions by category as required beyond the basic permissions assigned by default. The Invite and manage administrators permission can only be assigned by an administrator that themselves has that specific permission enabled. A Super Admin or an Admin with Admins' permissions can invite an admin belonging to a different service to a role in their service. Select the SAVE button to continue.
- Provide the following to complete an administrator invitation:
- First name - Provide the first name of the administrator resource.
- Last name - Provide the last name of the administrator resource.
- Email - If this email is not already associated with a Samsung Account, the user will have to create a Samsung Account before logging into Knox Mobile Enrollment. The creation of a Samsung account is required before an administrative account can be created. Samsung Knox does not support personal email addresses for new Knox account requests that have not been registered as a Samsung account.
- Role - Use the drop-down menu to assign this new administrator a role appropriate to their intended administrative function. If unsure about the exact permissions of an available role, select View Role Details to review the scope of its available permissions. The Role drop-down menu is customized for role assignments based on the administrator creating the invite. Roles cannot be deleted when there is at least one administrator using the role. An administrator must be assigned a different role to ensure no existing admins using the role before it can be deleted.
- Select the INVITE button when completed. The newly added, but pending, administrator displays as a link that can be selected to edit the administrator name and role designation. If editing the administrator's profile, select the SAVE button to commit the additional updates.
KME admins do not always want to see blocked or revoked admins within the Administrators & Roles screen. Blocked and revoked admins can be displayed or filtered out at any using the Show blocked and revoked administrators checkbox. The checkbox setting is persistent when logging in and out of the KME console.