Menu

Set up and configuration for IT admins

KME Direct, just like KME, enables IT administrators to create device configuration profiles that device users can use to set up and configure their enterprise devices.

NOTE—We recommend that the IT admin create a new device configuration profile for each type of employee or their role. Some examples of different employee roles are: HR generalist, Technical or Customer Support representative, and teacher or medical professional. Creating a new profile for each role ensures that the devices are sufficiently customized for all activities required for the employee to perform their jobs. This customized profile also includes the appropriate security restrictions to safeguard the enterprise’s data, such as disabling high-bandwidth video streaming or automatic app updates and wiping company data if a device is lost or stolen.

Access the KME Direct application

Samsung Resellers or enterprise IT admins with authorized Samsung Accounts can access the KME Direct app from the KME Direct download page on SamsungKnox.com.

To get access to KME Direct, do as follows:

  1. Create a Samsung Account. For more information on how to create your Samsung Account, see Create your Samsung account.
  2. Go to the KME Direct page and click the KME Direct installer.
  3. Continue to download and install the KME Direct app.

Download and install the KME Direct app

Once your access is approved, do as follows to download and install the KME Direct PC app to your local computer:

  1. From a Windows computer that meets the minimum system requirements, log in to your Knox.com account. Then, go to the KME Direct download page.
  2. Double-click the KME Direct installer to open the installer and start the installation process.
  3. When prompted, create your passcode, and then click Next. This passcode is saved to your local drive and you must use it whenever you use the KME Direct app again. Choose a passcode meets the following minimum requirements:
    • Between 4 and 12 characters
    • Includes numerals
    • Uses a mix of upper and lowercase letters
    • Includes one or more of these special characters: !, @, #, $, %, ^, &, or *.
  4. On this screen, you can create and download your recovery key to your local drive. To download the recovery key, do as follows:
    1. In the recovery key field, click Copy to copy the key to your clipboard.
    2. Open a text editor—such as Notepad or Notepad++—and paste the key you just copied.
    3. Save this file to your local drive. We recommend naming the file something meaningful, such as KME Direct Recovery Key.

    This recovery key is the crucial component to resetting your KME Direct app password. If you forget your KME Direct app password, you can use this recovery key to reset it. Once you save your recovery key, click Next to continue.

  5. When prompted and if you want to install the KME Direct app to a custom location on your computer, click Browse. The File Save as screen opens to let you choose your installation location. Once you’ve selected the installation location, click Next.
  6. On the confirmation screen that opens, click Launch to close the installer and open the KME Direct app. Once you’ve successfully installed the app to your computer, you can now launch the KME Direct app.

Launch the KME Direct app

To open the KME Direct app, do as follows:

  1. On your local computer, navigate to the location where you installed your KME Direct app, and double-click the KME Direct installer file to open it. Alternatively, navigate to your desktop, and double-click the KME Direct desktop shortcut.
  2. When prompted, enter the KME Direct passcode that you created during installation, and click OK. The Profiles screen opens.
  3. From this screen, you can now create new profiles as well as modify and delete existing profiles.

Create new profiles

Currently, IT admins can use KME direct to create two types of profiles:

  • Device configuration profile (XML) containing settings for customizing device settings such as display, sounds, key mapping, and other general settings. Learn how to create device configuration profiles.
  • Device deployment profile (QR Code) containing basic information such as network connectivity settings and provisioning apps. Learn how to create device deployment profiles.

When creating each of these types of profiles, IT admins create XML (for device configuration profiles) files or QR codes (for device deployment profiles) for target devices that device users can use to configure their devices.

For more information about some of the custom settings available to IT admins using KME Direct, see Custom profile configurator settings.

Custom profile configurator settings

The following table describes some of the custom configurations that IT admins can apply to devices using profiles in KME Direct.

Category

Settings configurable using KME Direct

Hardware key configuration

  • For Xcover Key—Launch MS teams, broadcast custom intent, or launch an app
  • Top Key—Broadcast custom intent or launch an app

Display configuration

  • Outdoor mode—Configure brightness, screen timeout, and font size
  • Glove mode—Configure touch sensitivity of the device’s screen

Network configuration

Wi-Fi or network settings such as turning Wi-Fi disallowed list options on or off to prevent blocking a network connection because of poor network quality

Create device configuration profiles

To create a device configuration profile, do as follows:

NOTE—The device user can change these settings manually, on the device after automatic device configuration using KME Direct is complete.
  1. Launch the KME Direct app, and on the Profiles screen that opens click Create Profile.
  2. On the Device type for profile screen that opens, select the Knox SDK version for your devices. Click Continue.
  3. On the Select profile type screen that opens, click Device Configuration Profile (XML).
  4. On the Profile Details screen that opens, in the Profile name field, enter an appropriate value, and then click Continue. We recommend using a name that signifies the purpose of the profile, such as DisplaySettingsHealth, SoundProfileIT.
  5. On the Display Configuration screen that opens, configure the following settings, and then click Continue:
    • Screen timeout settings—Select whether the screen should timeout after a certain time interval.
    • Brightness levels—Set the brightness levels for the device, as well as whether the device should use adaptive brightness settings that automatically adjust the brightness levels based on external lighting.
    • Font settings—Set the default font settings to use for the device.
    • Touch sensitivity settings—Change the sensitivity of the device screen for devices that use screen protectors or when device users use the device wearing gloves.
  6. On the Key Configuration screen that opens, configure the following settings, and then click Continue:
    • Navigation bar settings—Select the format and order of app icons on the Navigation bar, for example Back button > Home button > App or Apps > Home button > Back button.
    • Home key settings—Select the app to launch when the Home key is tapped, essentially remapping the Home key to the new app. The default value of this key is set to Google Assistant.
    • X Cover key settings—Select what happens when the device user presses the X Cover key. The options available are: MS Teams, Custom Intent, or App launch. When you select Custom Intent or App Launch, the screen refreshes to show fields that allow you to customize what happens when the key is pressed.
    • Top key settings—Select what happens when the device user presses the top key. Use the fields under this heading to customize what happens when the key is pressed.
  7. On the General configuration screen, configure the following settings, and then click Continue:
    • NFC settings—Set whether you want to enable the use of Near Field Communication (NFC) apps on the device.
    • Wi-Fi Blocklist settings—Specify the SSIDs of Wi-Fi connections that are blocked and to which the device must not connect. To add new blocked SSIDs, in the Wi-Fi Blocklist section, click Add and in the field that shows add the SSID. You can also specify that the device user cannot accidentally add SSIDs associated with safe and allowed Wi-Fi connections to the blocklist.
    • Sound settings—Specify whether to selectively control the device’s volume, such as setting it to 100%.
    • System language and country settings—Set the device’s language and country settings. These settings control the local timezone and language shown on the device.
  8. On the Summary screen, confirm the settings you have just set and then click Generate XML. The XML file is generated and saved to your local drive. At this point, you can upload this file to the relay server from where target devices can download this XML file so that the KSP agent can apply the settings to the device. The Download URI for the configuration file is contained within the QR Code generated and shared with the device user.

Create device deployment profiles

To create an EMM or device deployment profile, do as follows:

  1. Launch the KME Direct app, and on the Profiles screen that opens click Create Profile.
  2. On the Device type for profile screen that opens, select the Knox SDK version for your devices. Click Continue.
  3. On the Select profile type screen that opens, click Device Deployment Profile (QR Code).
  4. On the Profile Details screen that opens, enter the following information, and then click Continue:
    • Profile name—Enter an appropriate value that signifies the purpose of the profile, such as DisplaySettingsHealth, SoundProfileIT.
    • Organization name—Enter the name of the organization or business unit that the device user belongs to. You can use different organization names to differentiate between the various settings that apply to the device.
    • Description—Enter a clear and concise description of the purpose of this particular profile.
  5. On the Wi-Fi network connection policy screen that opens, configure the following settings, and then click Continue:
    • SSID name—Enter the name or the SSID of the Wi-Fi network that you want the device to access.
    • Wi-Fi MAC address randomization—Whenever the device connects to the Wi-Fi network, the router can assign a randomized MAC address to it, preventing malicious security threats from using MAC addresses to build a history of device activity. Ultimately, this feature increases device user privacy.
    • Proxy information—Set whether the Wi-Fi network uses a proxy server.
    • Security information—Use the fields in this section to add detailed security information such as type of security and password. These details are available from the network administrator that created or manages the Wi-Fi network.
  6. On the Legal Agreement screen that opens, configure the following settings, and then click Continue. In cases where the location, organization, or other properties of the target device necessitate a custom privacy policy, legal agreement URI, or Terms of Service (ToS), IT admins can use this screen to specify the legal agreements to use.
    • Title—Specify the name of the legal agreement that is applicable to the device.
    • Legal Agreement URI—Add the URL of the custom legal agreement or ToS applicable to the device.
  7. On the Android Enterprise enrollment screen, configure the following settings, and then click Continue:
    • EMM provider—In the EMM provider list, select the name of the EMM provider which is used to manage the target device.
    • EMM agent URL—Enter the URL of the provide APK host applicable to this profile.
    • EMM agent’s receiver component name—Enter a name for the admin package deployed to the device. The format of the Admin package component name is set to package name/class name. For example, for the Workspace ONE UEM, the package name is set to com.airwatch.androidagent/com.airwatch.agent.DeviceAdministratorReceiver. For more information see KME Admin Guide.
    • EMM agent signature checksum—Enter the value of the admin package's signature checksum. The Admin package signature checksum is the Base64 encoded SHA-256 hash of the MDM APK signature, which is URL friendly. You can get this value from your MDM. For more information see Android developer documentation > DevicePolicyManager#EXTRA_PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM. Alternatively, you can use utilities such as Keytool on Linux to get this value.
    • EMM server URI—Enter the URI of the EMM server to connect to from the target devices.
    • Custom JSON Data (as defined by EMM)—Enter the custom data in JSON format that is sent to the EMM agent. Usually, this information is the ID and password for the EMM agent to login to the EMM server. For example, {"gid":"mygid","un":"myusername","pw":"mypassword"}.
    • Root or intermediate certificate—To upload this certificate, click Upload to open a file browser. Follow on-screen instructions to look for and upload the appropriate file.
  8. If necessary, on the Additional deployment options screen, configure the following settings, and then click Continue. These settings are optional and not necessary to create this profile.
    IMPORTANT—You can only configure the following settings if you have previously set up a Device configuration profile.
    • Local server URI for a Device Configuration Profile (XML)—The location on your relay server where you have created and saved the Device Configuration profile, from where target devices can download the XML file. This URI can start with http:// or https://.
    • Local server URI for the Knox Service Plugin agent (APK file)—Use the fields in this section to add the URI of the KSP APK installation file to download to target devices. This URI must start with http:// or https://.
    • Package name and Signing key—Use these fields to indicate your package name, such as com.samsung.android.knox.kpu, and the associated signing key.
    • Additional applications—Similar to the KSP app specified in the previous field, you can use this section to add information about other apps that you want to install offline on the target device.
  9. On the Summary screen, confirm the settings you have just set and then click Generate QR Code. The QR Code is generated and saved to your local drive. You can then share this QR code with the users of the target devices who then use the QR code to set up their devices.

Manage existing profiles

In addition to creating new profiles, IT admins can manage existing from the Profiles screen. Once IT admins create one or more profiles, they are listed on the Profiles screen. From this screen, they can modify or delete profiles.

Modify existing profiles

To make changes to an existing profile, do as follows:

  1. Launch the KME Direct app, and on the Profiles screen that opens, find the profile you want to modify and click the profile name link. The appropriate profile page opens.
  2. On the screen that opens, click Edit. The profile screen changes to edit mode.
  3. Follow on-screen instructions to make necessary changes, and generate the updated QR code or XML file. Share the updated QR code or XML file with the users of the target devices.

Delete profiles

To delete an existing profile, do as follows:

  1. Launch the KME Direct app, and on the Profiles screen that opens find the profile you want to modify and click the checkbox next to the appropriate profile name to select it.
  2. With the checkbox selected, click Delete Profile. The Profiles page refreshes with the selected profile removed from the list of profiles. The devices to which the profile was previously applied remain unchanged, as there is no communication between the PC desktop app and the target devices.
Share it: