Enabling Dual DAR with Knox Service Plugin (KSP)


  • MDM/UEM to deploy KSP
  • KSP Premium license Key
  • Device that has Dual DAR 1.1.0 or higher

Supported devices

  • DualDAR is supported on Galaxy S10, N10, S20 and future flagship models

How to Enable Dual DAR

  1. Through your MDM/UEM of choice, go to the KSP Configuration
  2. Under the initial KPE Screen
    1. Enter profile name if applicable (some MDM/UEM don’t require this)
    2. Enter the KPE Premium key
    kpe key
  3. Click on Work Profile Policies(which drops down additional configurations) under Enable Work Profiles set to True work profile policies
  4. Click on Work Profile Configuration (which drops down additional configurations) and set Enable Work Profile Configuration Controls to true work profile config
  5. Click on Dual Data-at-Rest (DAR) Encryption (which drops down additional configurations)
    1. Enable Dual DAR Controls set to True
    2. Data lock timoeout type set to any option in the drop down
      • Use this control to set a data lock type. This locks the credential encrypted (CE) storage and flushes the key from memory. Once locked, apps can’t use the CE until user provides the credential again
    3. Data lock timeout value (in mimutes) set to any value above 1
      • Use this control to specify the data lock timeout value in minutes. To use this feature, you must set the data lock timeout type to specified value.
    4. List of apps approved to access DE storage
      • List application’s package name (example

How to verify Dual DAR is enabled on a device

Verification method 1 via KSP application

  1. Go to your Work Profile and click on Knox Service Plugin
  2. Click on Configuration on date & time
  3. Configuration results should show Dual Data-at-rest(DAR) Encryption as successful

Verification Method 2 via Settings and Work Profile

  1. Navigate to Settings (gear icon)
  2. Scroll down to Work Profile Settings
  3. Scroll to the very bottom to About Work Profile
  4. Under version number it will say DualDAR enabled (if successfully configured) dualdar screenshot
Share it: