Menu

KME Direct


Knox Mobile Enrollment (KME) Direct—referred to as KME Direct in this guide—is the on-premise version of KME. It aims to simplify the initial setup and enrollment of corporate-owned and employee-owned devices in a closed network or on-premise environment where devices are activated and used with little configuration variance amongst the devices deployed.

Audience

This document is intended for:

  • IT admins—Admins create profiles with the necessary device settings, restrictions, apps, and other content to deploy to groups of devices.
  • Device users—Once the IT admin creates a device configuration profile, device users can configure and set up their devices using a QR code on a device connected to the enterprise’s network. Devices set up using the QR code are then enrolled in the enterprise’s MDM.

About KME Direct

To mass deploy devices to device users or employees, the IT administrator uses KME Direct to create, configure, and generate a QR code that the device user can use to set up their devices. For an overview of the KME Direct workflow, see KME Direct workflow.

Key features

KME Direct offers the following key features:

  • Simple provisioning—The device user does not need to perform any activities for setting up and configuring the device beyond unboxing the device and scanning a QR code.
  • Automated workflow—IT admins can automate all activities in the workflow, right from network connection properties to device configuration such as security and privacy settings or display properties.
  • Peripheral configuration—Device users can connect and configure peripheral devices for optimum device and data security using a one-step configuration process.

Key benefits

Over and above these core features, Samsung's KME Direct provides the following device enrollment benefits:

  • Configure once, deploy multiple times—For enterprise IT admins, setting up and configuring hundreds or thousands of enterprise devices can mean a labor intensive, manual process. With KME Direct, IT admins can create a configuration profile and send a QR code to the device user so that the device user can unbox, set up, and configure their own devices. IT admins can create multiple configuration profiles, one for each device use case, and share these with the device users. For example, the IT admin can create one device profile for a sales person, another for a customer support representative, and yet another for an HR employee. Each profile is associated with one generated QR code. When the device user or employee scans the appropriate QR code on their device, the appropriate set up and configuration profile is installed on their enterprise device.
  • No hassle device set up and configuration—Setting up and configuring devices in a closed network or on-premise environment generally requires the enterprise’s IT admin or the device user to follow a set of procedures on the target device. This process often involves turning on the device and manually applying the appropriate settings or maybe just pushing a device configuration profile using an MDM. This manual process often creates problems, resulting in IT teams having to spend time guiding frustrated employees through the process. With KME Direct, this entire process is automated and does not require any support from the IT admin. As soon as the employee receives their device, powers it on, and scans the QR code, the device automatically installs the required software and applies the security settings and configurations provisioned by the enterprise.
  • Mobile security management—With Samsung Knox, the integrity of the entire device is protected from hardware to the application layer. With KME Direct, similar to KME, IT admins can set security policies without physically touching the device. IT admins can retain total device control.

KME Direct workflow

The KME Direct workflow offers a streamlined method of configuring device profiles and allowing device users to use an automated method of setting up their devices.

The workflow is as follows:

  1. The enterprise’s IT admin purchases devices either from their Samsung representative, a Reseller, or a mobile carrier. Either the Reseller or the enterprise’s IT admin uploads the details of the purchased device to the Samsung Reseller portal.
  2. The IT Admin now uses a Windows 10 device to log in to Samsungknox.com > KME Direct download page and download the KME Direct PC application.
  3. The IT admin follows on-screen prompts to review terms and conditions and open the application on their device.
  4. The IT Admin uses the PC application to configure the devices by assigning them to a device configuration profile and optionally adding username and password information to each device. The IT admin can also automatically assign devices to a profile.

IMPORTANT—Before you use KME Direct to manage a device, the IT admin must first erase the devices' unique ID from KME Cloud since KME Cloud profiles are higher priority than KME Direct profiles. Otherwise, the KME cloud profile will override KME Direct profile.

Share it: