- Welcome
- Basics
- Device apps
- Overview
- SDK Licenses
- Knox SDK
- Overview
- About the SDK
- What's new
- Get started
- Tutorials
- Features
- API Reference
- Sample Apps
- Overview
- Get started with the Knox SDK
- Get started with KPE Premium licenses
- Knox and Android Work Profiles
- Knox Attestation
- Kiosk Mode
- Samsung DeX Mode
- Knox Container
- Knox SDK Backwards Compatibility
- Application Management
- Microsoft Exchange Accounts
- VPN Configuration
- Client Certificate Manager (CCM)
- Tools
- FAQs
- FAQ Index
- General
- What is the Samsung Knox SDK?
- Where can I obtain a white paper for Samsung Knox?
- What versions of Android support the Knox SDK?
- How can I check if my device firmware is an engineering or commercial build?
- How can I access the binaries before they are released?
- What is a deprecated API method?
- What are the features by default set to hidden/disabled in ProKiosk mode?
- What are credentials?
- What is Knox TIMA CCM?
- Is Knox supported on other platforms, such as windows?
- Which hardware control features can be managed inside Knox Workspace, using the Knox SDK?
- Why do a few Knox SDK APIs not work on some devices?
- Can Google Play used to deploy Knox apps?
- Can I use managed configurations for Samsung Knox features?
- Can a third-party app use the Knox SDK to get LDAP information?
- How do I enable users to select a 3rd party keyboard?
- How does my device's serial number change with Knox 3.2.1?
- If I don’t use the UCM APIs of the Knox SDK, what are my options for credential storage?
- Installation
- How do I use an SDK packaged as an Eclipse IDE add-on with the Android Studio IDE?
- Is it possible to install an app silently on a device using Knox SDK?
- Why am I still able to download an app even though I have added it to blacklist with the method addAppPackageNameToBlackList(), from the Knox SDK?
- How can an app find out which apps are installed in and outside a container, using the Knox SDK?
- How can an app block the installation of a non-trusted app, using the Knox SDK?
- What does "Security policy prevents installation of this application" mean?
- Can I prevent an end user from installing certificates, with the Knox SDK?
- Does API method installApplication(String packageName) download apps from the play store and install them silently?
- Does the API method setApplicationUninstallationDisabled disable the uninstallation of apps inside the container, when using the Knox SDK?
- Why is the installCertificate API method not successfully installing a certificate on my device?
- Licensing
- How do I use license keys?
- What is the KPE Premium license key and why should I use it?
- What is the backwards compatible key?
- When do I need to use the backwards compatible key?
- Do I need to associate my app with a backwards compatible key?
- How have license key names changed?
- When is the ELM key service terminated?
- What will happen to existing commercial KLM license keys?
- What will happen to existing commercial ELM license keys?
- What should I do if I want to service my app which uses ELM?
- Would the legacy ELM and KLM keys still work with the Knox Platform for Enterprise (KPE) key?
- Which keys can be used in combination with each other?
- What is automatic license seat release?
- What are license permissions?
- What is the difference between Standard and Premium permissions?
- How do I declare permissions?
- ELM end of service
- Customization
- Container
- How does an app detect if a container was created using the Knox SDK?
- How do I install the MDM agent inside the Knox container?
- I have created a "container only mode" container and I am locked inside, using the Knox SDK. How do I exit?
- Why do I get error KnoxContainerManager.ERROR_INTERNAL_ERROR(-1014) while creating a container?
- SDP
- UCM
- DA Deprecation
- What is DA Deprecation?
- What is the impact of DA deprecation to Knox?
- As a Knox partner what actions do I need to take for DA deprecation?
- Are there any changes to Knox Configure due to DA deprecation?
- Can I use my DA app alongside Knox Configure?
- As DA management mode is not available in Android Q, can I enroll via KME to Work Profile only?
- Can my DA app coexist with a UEM app running as DO?
- Does KME still support the enrollment of devices using DA mode?
- What happens to DA apps when upgraded from Android P to Android Q?
- KBAs
- Knox Tizen SDK
- Overview
- About the SDK
- What's new
- Get started
- Tutorials
- API Reference
- Sample Apps
- FAQs
- FAQ Index
- General
- How is Tizen related to Knox?
- Which devices support the Knox Tizen SDK for Wearables?
- What version of the Tizen SDK should I install before installing the Samsung Knox Tizen SDK for Wearables?
- Should I install any extension SDK before installing the Samsung Knox Tizen SDK for Wearables?
- What are the modes in which you can use the Samsung wearable device?
- What are the supported Wi-Fi security types?
- How do I get the attestation blob?
- What is a nonce and why is it valid for a short time period?
- What is ProKiosk mode?
- Licensing
- Samsung EDU SDK
- Overview
- About the SDK
- What's new
- Get started
- Tutorial
- Features
- API Reference
- Sample App
- FAQs
- FAQ Index
- General
- What is Samsung EDU SDK ?
- Which devices support the Samsung EDU SDK?
- Who does Samsung EDU SDK benefit?
- How does Samsung EDU SDK benefit 3rd party developers?
- What features can I implement with Samsung EDU SDK?
- How many students can EDU SDK support in a single session?
- What agents are supported in EDU SDK?
- What is a Custom agent?
- Can a teacher lock a student's device?
- Licensing
- Operation
- Can the EDU SDK be used with non-Samsung devices?
- Can Samsung EDU SDK be used in both tablets and smartphones?
- Does EDU SDK work with AllShare cast?
- Does the Samsung EDU SDK have any limitations when used remotely?
- How do I capture logs from a device to submit to technical Q&A?
- What is BaseAgent?
- What is the Smart graph feature? How can it be used?
- Samsung India Identity SDK
- Overview
- About the SDK
- What's new
- Get started
- Features
- API Reference
- Sample Apps
- FAQs
- FAQ Index
- General
- Installation
- Licensing
- Operation
- How do I verify if my device supports Samsung India Identity SDK?
- Should I capture the IRIS image of one or both eyes?
- When do I use the UIDAI Staging server and UIDAI Production server?
- What are the URLs that need to be whitelisted for enterprise-managed devices using the Samsung India Identity SDK APIs?
- Who is impacted by the upgrade of the biometric public devices to registered devices?
- Is there any hardware change required to upgrade the public devices to registered devices?
- What are the application (APK) changes required to upgrade the public devices to registered devices?
- Web services
- Overview
- Cloud Authentication
- Knox Deployment Program
- Knox Mobile Enrollment
- Knox Attestation
- Knox E-FOTA
- Overview
- About Knox E-FOTA
- What's new
- Get started
- Tutorial
- API Reference
- FAQs
- FAQ Index
- General
- What is Knox Enterprise FOTA (E-FOTA)?
- What are the main features of Knox E-FOTA?
- What industries benefit from Knox E-FOTA?
- Why do enterprise customers need Knox E-FOTA?
- What benefits do MDM developers get from Knox E-FOTA?
- What Samsung devices support Knox E-FOTA?
- Is there a server dedicated to Knox E-FOTA?
- If I sent a request in JSON for Knox E-FOTA, will I receive a JSON return instead of XML?
- Can I use Knox E-FOTA v1 APIs in combination with Knox E-FOTA v2 APIs?
- What is the main difference between FOTA and Knox E-FOTA?
- What types of firmware updates does Knox E-FOTA manage?
- With FOTA, can you skip a firmware version and upgrade to the subsequent version?
- Can I use Knox E-FOTA to set the highest firmware version allowed on multiple devices?
- Does Knox E-FOTA support firmware downgrades?
- Do customers need to have a contract with Samsung to use a site license for Knox E-FOTA?
- How can the FOTA server identify devices that use Knox E-FOTA?
- What are the device requirements for a Knox E-FOTA update?
- Are there any restrictions on what firmware can be downloaded using Knox E-FOTA?
- How can I get release notes for Samsung firmware releases?
- What if a firmware update is performed on a device that has a higher firmware version than the update?
- Is there a way to avoid incurring mobile charges when using Knox E-FOTA?
- What licenses are required to use Knox E-FOTA?
- Can carrier devices use Knox E-FOTA?
- Installation
- Operation
- If I don’t use Knox E-FOTA, what are my options for managing firmware?
- When using Knox E-FOTA, what if a device already has a firmware version higher than the version that we need to update to?
- When using Knox E-FOTA, does a forced firmware update still ask the device user to agree to the update?
- Where can I get release notes for each Samsung firmware version?
- Appendix
- Managed configurations
- Introduction
- Deploy managed configurations
- FAQs
- FAQ Index
- What are managed configurations?
- Why should I use managed configurations?
- How do managed configurations work?
- Can I use managed configurations for Samsung Knox features?
- What is a managed configurations XML schema file?
- Which Samsung apps support managed configurations?
- How do I deploy managed configurations on an MDM console?
- Where can I get the XML schemas for Samsung apps that support managed configurations?
- Is there sample code showing how an MDM web console can deploy an iframe that renders a managed configurations XML schema?
- What email app is preloaded on Samsung devices?
- Knox Service Plugin
- Samsung Email
Knox licenses
Our Samsung Knox SDKs are powerful. They provide you with system-level control over all the great features in Samsung phones, tablets, and wearables, and help you to create the next killer app with differentiating features for the next big business opportunity. Our SDKs extend capabilities in the Android and Tizen SDKs, providing enterprises with additional features to remotely manage, customize, and secure devices.
We uses licenses for two key purposes:
- Security—We limit access to the more powerful APIs to vetted enterprises in our Knox Partner Program. If we find that an enterprise is intentionally or accidentally abusing the use of our APIs, we can revoke their licenses immediately and prevent their apps from calling our APIs.
- Billing—We charge for premium Knox features. We do this by tracking each time an app activates a premium license key on a device, and billing the customer who owns that premium license key. Standard Knox features are free; to see the standard and premium features, see License permissions. We bill premium features on either a subscription or one-time basis, with the pricing dependent on the negotiated partner contract.
You can incorporate the billing of our premium Knox features into your own monetization models as follows:
- Add-on—Charge our Knox subscription fee on top of your own service fee.
- Tiered—Establish a higher-cost, premium-tiered service that includes paid Knox services.
The model depends on whether you want to hide our licensing structure and details from customers.
KPE license types
The Knox SDK and Knox Tizen SDK for Wearables use the Knox Platform for Enterprise (KPE) license. This license is permission-based, with these variants providing access to different free and paid features:
- KPE Standard—Provides permissions to call APIs that manage device features like network connections, user accounts, location, simple kiosking, data encryption, and security restrictions. This is a free license.
- KPE Premium—Provides all the Standard permissions as well as permissions to call APIs that provide advanced security features like containers, VPNs, and certificates, as well as comprehensive device customization and kiosking. This is a paid license.
- KPE DualDAR—Provides all the Premium permissions as well as a permission to call APIs that enable double encryption of Data-At-Rest. This is also a paid license.
Development and commercial licenses
We provide trial licenses for those evaluating our SDKs:
- KPE Development—This trial license provides the permissions to call all APIs, but works on a limited number of devices for a limited time period. Once expired, you can either generate a new Development license or upgrade to a Commercial license. All partners can generate this license from the Knox Partner Portal.
- KPE Development Limited—This is similar to the KPE Development license, but offers access to a limited number of permissions. Independent developers with our previous SEAP program could generate this license. The Knox Partner Portal still displays but no longer generates these licenses. We encourage independent developers to enroll to become a partner.
- KPE Commercial—This license works on an unlimited number of devices for various time periods. How you get this license depends whether you are using free or paid features:
- Free (Standard permissions)—You can generate this commercial license from the Knox Partner Portal.
- Paid (Premium, DualDAR permissions)—Because billing needs to be set up, you must contact a Knox license reseller to purchase these licenses on your behalf.
License scope
You can use development licenses on a limited number of devices and for a limited time period:
| SDK | Development License | # Activations | Valid Period | Max # Licenses |
|---|---|---|---|---|
| Knox SDK Knox Tizen SDK for Wearables |
KPE Development | 30 | 6 months | 1 |
| KPE Development Limited | 10 | 3 months | 1 |
You can use commercial licenses on more devices and longer time periods:
| SDK | Commercial License | # Activations | Valid Period | Max # Licenses |
|---|---|---|---|---|
| Knox SDK Knox Tizen SDK for Wearables |
KPE Standard | Unlimited | Unlimited | 100 |
| KPE Premium | As many as you purchase | Monthly, yearly, or perpetual | Unlimited | |
| KPE DualDAR | As many as you purchase | Yearly or perpetual | Unlimited |
Other license types
Other license types include:
- Backwards—compatible key–This enables devices running Knox v2.7.1 and earlier to use the Knox 3.x SDK. If your app needs to support devices with older Knox versions, you need to generate only one such key, which works on an unlimited number of devices for an unlimited period.
- REST authentication key—If you are also using our web services, you need an authentication token to verify that you are allowed to access our REST APIs.
Knox v2.9 first introduced a Beta version of the permission-based KPE license. Before that, devices running Knox v2.8 and earlier used these older license types:
- Enterprise License Manager (ELM)–The Samsung EDU SDK still uses this ELM license to authenticate apps that called its APIs. The legacy Knox Standard, Premium, and Customization SDKs also used the ELM license. ELM will be terminated from December 31st, 2020. To get more info, see ELM end of service FAQs.
- Independent Software Vendor (ISV)–The Samsung India Identity SDK still uses this ISV license to authenticate apps that call its APIs. The legacy Knox ISV SDK also used the ISV license. The ISV license continues to work with no changes needed.
- Knox License Manager (KLM)–The legacy Knox Premium and Customization SDKs used the KLM license to track customer usage of paid APIs for billing purposes. The KLM license continues to work, but if your key reaches the maximum number of activations purchased, you need to contact us to buy more activations for the key.
See also:
