- Basics
- About Knox
- Knox licenses
- Knox white paper
- Sign up for Samsung Knox
- Latest release notes
- General Knox FAQ
- General Knox KBAs
- Submit a support ticket
- User Acceptance Testing
- For IT admins
- Knox Admin Portal
- Knox Suite
- Knox Platform for Enterprise
- Introduction
- How-to videos
- Before you begin
- Get started with UEMs
- Introduction
- Blackberry UEM
- Citrix Endpoint Management
- FAMOC
- IBM MaaS360
- Microsoft Intune
- MobileIron Cloud
- MobileIron Core
- Samsung Knox Manage
- SOTI MobiControl
- VMware Workspace ONE UEM
- Knox Service Plugin
- Release notes
- Migrate to Android 11
- FAQs
- Troubleshoot
- KBAs
- Knox Mobile Enrollment
- Knox Configure
- Mobile
- Wearables
- Shared Device
- FAQ
- KBAs
- Knox Capture
- Introduction
- How it works
- How-to videos
- IT admins: Get started
- Getting started with Knox Capture
- Step 1: Launch Knox Capture
- Step 2: Create a scanning profile
- Step 3: Select apps and activities
- Step 4: Configure the scanner
- Step 5: Set keystroke output rules
- Step 6: Test apps in your configuration
- Step 7: Share your configuration
- Step 8: Deploy Knox Capture in Managed mode
- End users: Get started
- Features
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox Asset Intelligence
- Knox Manage
- Introduction
- How-to videos
- Get started
- Video: Getting started with Knox Manage
- Integration with Managed Service Provider
- Access Knox Manage
- Configure basic environments
- Create user accounts
- Create groups
- Create organization
- Set up devices and profiles
- Create a new profile
- Assign profiles to groups and organizations
- Enroll devices
- Shared Android device quickstart
- Non-shared Android device enrollment quickstart
- Android Management API device enrollment quickstart
- Apple User Enrollment quickstart
- View device information
- Apply profiles to organizations
- Set up Knox Manage deployment with a Knox Suite license
- Manage Chromebooks
- Manage Android devices with the Android Management API
- Manage Shared iPads
- Configure
- Licenses
- Organization
- Users
- Sync user information
- Groups
- Devices
- Content
- Applications
- Profile
- Knox E-FOTA
- Certificates
- Advanced settings
- Monitor
- Kiosk devices
- Knox Remote Support
- Active Directory
- Microsoft Exchange
- Mobile Admin
- Appendix
- Release notes
- Features
- FAQ
- KBAs
- Knox E-FOTA
- Introduction
- How-to videos
- Get started
- Features
- EMM integration
- Appendix
- Release notes
- FAQ
- KBAs
- Troubleshoot
- Knox E-FOTA On-Premises
- Legacy Knox E-FOTA products
- Knox Guard
- Introduction
- How-to video
- Get started
- Using Knox Guard
- Dashboard
- Manage devices
- Device management
- Accept or reject devices
- Upload devices
- Delete devices
- Complete device management
- Send notifications
- Enable or disable SIM control
- Download devices as CSV
- View device log
- View device deletion log
- Start and stop blinking reminder
- Lock and unlock devices
- Update lock message
- Send relock timestamp
- Turn on/off relock reminder
- Manage policies
- Manage licenses
- Manage resellers
- Manage admins and roles
- Activity log
- Knox Deployment App
- Release notes
- FAQ
- KBAs
- Support
- Knox Guard REST API
- Samsung Care+ for Business
- For Knox Partners
- Knox Deployment Program
- Knox MSP Program
The Knox Service Plugin (KSP) is a solution that enables Enterprise Customers to use Knox Platform for Enterprise features as soon as they are commercially available.
This automatic deployment method ensures that IT admins can use the latest Knox features on the day it is launched, instead of waiting for their UEM to specifically integrate the features.
Audience
This document is intended for:
- System Security Architects — Understand how KSP works, and how you can use it to customize your deployment of Knox Platform for Enterprise (KPE).
- IT Admins — Configure the options available to KPE deployments using KSP.
Try the solution
Set up KSP with your compatible UEM, and create a profile to deploy Knox Platform for Enterprise features as soon as they're available. Use the latest Knox feature from day one without having to wait for UEM integration.
START TUTORIALBenefits
KSP enables IT admins to use Knox Platform for Enterprise (KPE) features as soon as they're available. KPE brings defense-grade security on the most popular consumer devices across all enterprises. It provides best-in-class hardware-based security, policy management, and compliance capabilities beyond the standard features in Android. Knox is the cornerstone of a strong mobile security strategy supporting a wide variety of Samsung devices.
KSP provides the following benefits:
- Help enterprise customers deploy existing and new Knox features to their devices almost instantly after features are commercially launched.
- Leverage the UEM’s framework and UI to offer enterprise customers better control over distribution and configuration of KPE features.
- Make sure all features of KPE are available for use, regardless of which UEM you choose.
- Minimize a UEM's development cost of supporting KPE features.
How KSP works
KSP is built on top of Android's new standard called OEMConfig. OEMConfig is a feature that allows you to create and remotely push configurations to apps through an XML schema file that is hosted in an app on Google Play. This architecture means that any UEM that complies with the OEMConfig standard can support KSP.
Here is an overview of how KSP works.
- App developers implement logic to support managed configurations in their apps. They use an XML schema file to define which app settings IT admins can remotely configure in their Android app. This schema is linked to the app’s manifest file. After each update, app developers push their app to Managed Google Play.
- UEM developers implement logic to pull the managed configurations schemas from apps on Managed Google Play. UEM consoles then use these XML schemas to allow IT admins to specify how they want to configure app settings. After the IT admin saves their configuration, the MDM pushes the configuration to Managed Google Play.
- Once an app configuration is updated and pushed to Managed Google Play, the app is updated on all applicable devices to reflect the new configuration.
The following is an example of a KSP policy in a UEM console.
Deployment process
The KSP deployment process is as follows:
- Samsung publishes the latest KSP Agent to the Google Play store.
- IT Admins use their compatible UEM console—that supports a managed Google Play store—to search for KSP. For a list of UEM partners that support KSP, see Supported UEMs.
- The UEM Console renders the applicable Knox features and policies using OEM Config.
- IT Admins use the UEM console to set up policies in the form of Managed Configurations. These policies are then saved and published to any managed enterprise devices.
- When a user's device is being provisioned, the UEM invokes the managed Google Play Store, which in turn installs KSP and pushes the managed configuration to the device.
- After installation is complete, KSP runs in the background on the device. KSP applies the relevant Knox policies and returns the result of the configuration process using Google's Feedback SDK.
- IT Admins can view any configuration failures and associated error messages on the UEM Console, provided the UEM is equipped to handle the result that KSP generates and sends back using the feedback SDK.