Back to top


The Big Picture

Samsung provides both web-based as well as device-based APIs to manage our devices and services. Here is a high-level overview:

knox ecosystem

The first three services support the enterprise deployment of Samsung mobile devices:

  1. Knox Deployment Program — Knox device resellers use the Knox Deployment Program to register the IDs of devices purchased by enterprises. Resellers can do this through Samsung’s Knox Deployment Program reseller portal. Or, they can use our Knox Deployment Program REST APIs to integrate this functionality into their own websites. The device information is stored on our Knox cloud servers for other services to access.

  2. Knox Mobile Enrollment — Enterprise IT admins use Knox Mobile Enrollment to identify the Mobile Device Management system that manages purchased devices. Enterprises can do this through Samsung’s Knox Mobile Enrollment web portal or they can use our Knox Mobile Enrollment REST APIs to integrate this functionality into their own websites. The MDM information is stored on our Knox cloud servers for other services to access.

  3. Mobile Device Management — When a purchased device first boots up, the Knox Enrollment Service connects to a Knox cloud server to see which MDM manages it, then connects to the MDM server to download the MDM client app. The MDM client deploys any corporate policies set up by the IT admin. So the device is enterprise ready right out of the box with minimal user setup needed. MDM clients use the Knox SDK.

The next three services provide device customization, security, and management.

  1. Knox Configure — System Integrators use Knox Configure to customize devices for a wide range of vertical applications. For example, they can develop purpose-built info kiosks, point-of-sales terminals, inventory trackers, or entertainment systems. System Integrators can do this through Samsung’s Knox Configure web portal and/or the Knox Configure REST APIs. Alternatively, they can use the Knox SDK to fully customize the setup and operation of a device.

  2. Knox Attestation — MDM vendors or Independent Software Vendors (ISVs) can use Knox Attestation to ensure that a device is running authorized firmware that was installed in the factory or upgraded through official updates. They use a combination of Attestation REST APIs and the Knox SDK.

  3. Knox E-FOTA — MDM vendors or ISVs can use Knox E-FOTA to control device firmware updates, which are typically managed by carriers. They can do this through Samsung’s Knox E-FOTA portal.

The final two items support device management, security, and customization on the Samsung devices:

  1. Knox SDK — Developers use the Knox SDK to create apps that manage, secure, and customize Samsung devices. There is a Knox SDK for Android phones and tablets, and a Knox Tizen SDK for wearables. Apps can take orders from a web-based MDM or Knox Configure portal, and implement them on the device using calls to APIs in the Knox SDK. The Knox SDK extends functionality in the Android SDK (for phones and tablets) and Tizen SDK (for watches), offering enhanced device manageability, security, customization, and usability.

  2. Knox Service Plugin — MDM vendors can use the Knox Service Plugin to deploy new Knox features the moment they’re released. Minimally, a web developer uses an iframe to display the list of features configurable through Knox Service Plugin. The Knox Service Plugin client on the device handles the new feature configuration, so that MDM clients don’t need to.

On this page

Is this page helpful?