Menu

Configure Microsoft Azure AD SSO settings

NOTE—If you enable Azure AD as a sign-in method, you cannot use Samsung Account to sign into Knox services.

On the Samsung Knox portal

In the top right corner of your Knox dashboard, click the avatar icon to access your account settings. Then, in the left sidebar, click SSO SETTINGS. Note the below fields on the page, as you'll need them for your Azure AD configuration.

  • Identifier (entity ID): Enter https://www.samsungknox.com in this field.
  • Reply URL (assertion consumer service URL)
  • App federation metadata URL

On the Microsoft Azure portal

Next, add the Samsung Knox and Business Services app:

  1. Under Azure services, click Azure Active Directory.
  2. In the left sidebar, click Enterprise Applications.
  3. Select New application.
  4. In the Browse Azure AD Gallery section, enter Samsung Knox and Business Services in the search box.
  5. Select the Samsung Knox and Business Services app from the results and add it.

Then, assign users and groups to the Samsung Knox and Business Services app:

  1. In the left sidebar, click Users and groups.
    />
  2. Click Add user/group.
    />
  3. On the Add Assignment screen, under Users and groups, click None Selected.
    />
  4. In the list of users and groups, search for and select the users and groups to assign to the app. Then, click Select.
    NOTE—Selected users must have an Azure Active Directory account.
    />
  5. At the bottom of the screen, click Assign to allow the users to access the app.

On the Samsung Knox portal

Finally, follow the steps below to set up the Basic SAML configuration:

  1. In the Azure portal, select the Samsung Knox and Business Services application page, navigate to the Manage section and select Single sign-on.
  2. Select SAML as the single sign-on method.
  3. Under Basic SAML Configuration, enter the SAML info from your Samsung Knox settings:
    • For the Identifier (entity ID) field, enter https://www.samsungknox.com.
    • For the Reply URL (assertion consumer service URL) field, enter https://central.samsungknox.com/ams/ad/saml/acs.
    • For the Sign on URL field, enter https://accounts.samsung.com/.

  4. Under SAML Signing Certificate, copy the App federation metadata URL.
  5. Navigate back to your Samsung Knox account settings. Under App federation metadata URL, paste the value you copied in Step 4.
  6. Click CONNECT TO AD SSO.
  7. In the AD log in window that appears, enter your AD credentials.
NOTE - Once you verify the connection, a warning popup appears. If you click Continue, you can no longer use your Samsung Account credentials to sign into Knox services.

<< Back to Step 2

Share it: