- Welcome
- Basics
- Device apps
- Overview
- SDK Licenses
- Knox SDK
- Overview
- About the SDK
- What's new
- Get started
- Tutorials
- Features
- API Reference
- Sample Apps
- Overview
- Get started with the Knox SDK
- Get started with KPE Premium licenses
- Knox and Android Work Profiles
- Knox Attestation
- Kiosk Mode
- Samsung DeX Mode
- Knox Container
- Knox SDK Backwards Compatibility
- Application Management
- Microsoft Exchange Accounts
- VPN Configuration
- Client Certificate Manager (CCM)
- Tools
- FAQs
- FAQ Index
- General
- What is the Samsung Knox SDK?
- Where can I obtain a white paper for Samsung Knox?
- What versions of Android support the Knox SDK?
- How can I check if my device firmware is an engineering or commercial build?
- How can I access the binaries before they are released?
- What is a deprecated API method?
- What are the features by default set to hidden/disabled in ProKiosk mode?
- What are credentials?
- What is Knox TIMA CCM?
- Is Knox supported on other platforms, such as windows?
- Which hardware control features can be managed inside Knox Workspace, using the Knox SDK?
- Why do a few Knox SDK APIs not work on some devices?
- Can Google Play used to deploy Knox apps?
- Can I use managed configurations for Samsung Knox features?
- Can a third-party app use the Knox SDK to get LDAP information?
- How do I enable users to select a 3rd party keyboard?
- How does my device's serial number change with Knox 3.2.1?
- If I don’t use the UCM APIs of the Knox SDK, what are my options for credential storage?
- Installation
- How do I use an SDK packaged as an Eclipse IDE add-on with the Android Studio IDE?
- Is it possible to install an app silently on a device using Knox SDK?
- Why am I still able to download an app even though I have added it to blacklist with the method addAppPackageNameToBlackList(), from the Knox SDK?
- How can an app find out which apps are installed in and outside a container, using the Knox SDK?
- How can an app block the installation of a non-trusted app, using the Knox SDK?
- What does "Security policy prevents installation of this application" mean?
- Can I prevent an end user from installing certificates, with the Knox SDK?
- Does API method installApplication(String packageName) download apps from the play store and install them silently?
- Does the API method setApplicationUninstallationDisabled disable the uninstallation of apps inside the container, when using the Knox SDK?
- Why is the installCertificate API method not successfully installing a certificate on my device?
- Licensing
- How do I use license keys?
- What is the KPE Premium license key and why should I use it?
- What is the backwards compatible key?
- When do I need to use the backwards compatible key?
- Do I need to associate my app with a backwards compatible key?
- How have license key names changed?
- When is the ELM key service terminated?
- What will happen to existing commercial KLM license keys?
- What will happen to existing commercial ELM license keys?
- What should I do if I want to service my app which uses ELM?
- Would the legacy ELM and KLM keys still work with the Knox Platform for Enterprise (KPE) key?
- Which keys can be used in combination with each other?
- What is automatic license seat release?
- What are license permissions?
- What is the difference between Standard and Premium permissions?
- How do I declare permissions?
- Customization
- SDP
- UCM
- Samsung DeX
- Containers
- How does an app detect if a container was created using the Knox SDK?
- How do I install the MDM agent inside the Knox container?
- I have created a "container only mode" container and I am locked inside, using the Knox SDK. How do I exit?
- Why do I get error KnoxContainerManager.ERROR_INTERNAL_ERROR(-1014) while creating a container?
- ELM end of service
- DA Deprecation
- What is DA Deprecation?
- What is the impact of DA deprecation to Knox?
- As a Knox partner what actions do I need to take for DA deprecation?
- Are there any changes to Knox Configure due to DA deprecation?
- Can I use my DA app alongside Knox Configure?
- As DA management mode is not available in Android Q, can I enroll via KME to Work Profile only?
- Can my DA app coexist with a UEM app running as DO?
- Does KME still support the enrollment of devices using DA mode?
- What happens to DA apps when upgraded from Android P to Android Q?
- KBAs
- Knox Tizen SDK
- Overview
- About the SDK
- What's new
- Get started
- Tutorials
- API Reference
- Sample Apps
- FAQs
- FAQ Index
- General
- How is Tizen related to Knox?
- Which devices support the Knox Tizen SDK for Wearables?
- What version of the Tizen SDK should I install before installing the Samsung Knox Tizen SDK for Wearables?
- Should I install any extension SDK before installing the Samsung Knox Tizen SDK for Wearables?
- What are the modes in which you can use the Samsung wearable device?
- What are the supported Wi-Fi security types?
- How do I get the attestation blob?
- What is a nonce and why is it valid for a short time period?
- What is ProKiosk mode?
- Licensing
- Samsung EDU SDK
- Overview
- About the SDK
- What's new
- Get started
- Tutorial
- Features
- API Reference
- Sample App
- FAQs
- FAQ Index
- General
- What is Samsung EDU SDK ?
- Which devices support the Samsung EDU SDK?
- Who does Samsung EDU SDK benefit?
- How does Samsung EDU SDK benefit 3rd party developers?
- What features can I implement with Samsung EDU SDK?
- How many students can EDU SDK support in a single session?
- What agents are supported in EDU SDK?
- What is a Custom agent?
- Can a teacher lock a student's device?
- Licensing
- Usage
- Can the EDU SDK be used with non-Samsung devices?
- Can Samsung EDU SDK be used in both tablets and smartphones?
- Does EDU SDK work with AllShare cast?
- Does the Samsung EDU SDK have any limitations when used remotely?
- How do I capture logs from a device to submit to technical Q&A?
- What is BaseAgent?
- What is the Smart graph feature? How can it be used?
- Samsung India Identity SDK
- Overview
- About the SDK
- What's new
- Get started
- Features
- API Reference
- Sample Apps
- FAQs
- FAQ Index
- General
- Installation
- Licensing
- Usage
- How do I verify if my device supports Samsung India Identity SDK?
- Should I capture the IRIS image of one or both eyes?
- When do I use the UIDAI Staging server and UIDAI Production server?
- What are the URLs that need to be whitelisted for enterprise-managed devices using the Samsung India Identity SDK APIs?
- Who is impacted by the upgrade of the biometric public devices to registered devices?
- Is there any hardware change required to upgrade the public devices to registered devices?
- What are the application (APK) changes required to upgrade the public devices to registered devices?
- Web services
- Overview
- Cloud Authentication
- Knox Deployment Program
- Knox Mobile Enrollment
- Knox Configure
- Knox Attestation
- Knox E-FOTA
- Overview
- About Knox E-FOTA
- What's new
- Get started
- Tutorial
- API Reference
- FAQs
- FAQ Index
- General
- What is Knox Enterprise FOTA (E-FOTA)?
- What are the main features of Knox E-FOTA?
- What industries benefit from Knox E-FOTA?
- Why do enterprise customers need Knox E-FOTA?
- What benefits do MDM developers get from Knox E-FOTA?
- What Samsung devices support Knox E-FOTA?
- Is there a server dedicated to Knox E-FOTA?
- If I sent a request in JSON for Knox E-FOTA, will I receive a JSON return instead of XML?
- Can I use Knox E-FOTA v1 APIs in combination with Knox E-FOTA v2 APIs?
- What is the main difference between FOTA and Knox E-FOTA?
- What types of firmware updates does Knox E-FOTA manage?
- With FOTA, can you skip a firmware version and upgrade to the subsequent version?
- Can I use Knox E-FOTA to set the highest firmware version allowed on multiple devices?
- Does Knox E-FOTA support firmware downgrades?
- Do customers need to have a contract with Samsung to use a site license for Knox E-FOTA?
- How can the FOTA server identify devices that use Knox E-FOTA?
- What are the device requirements for a Knox E-FOTA update?
- Are there any restrictions on what firmware can be downloaded using Knox E-FOTA?
- How can I get release notes for Samsung firmware releases?
- What if a firmware update is performed on a device that has a higher firmware version than the update?
- Is there a way to avoid incurring mobile charges when using Knox E-FOTA?
- What licenses are required to use Knox E-FOTA?
- Can carrier devices use Knox E-FOTA?
- Installation
- Usage
- If I don’t use Knox E-FOTA, what are my options for managing firmware?
- When using Knox E-FOTA, what if a device already has a firmware version higher than the version that we need to update to?
- When using Knox E-FOTA, does a forced firmware update still ask the device user to agree to the update?
- Where can I get release notes for each Samsung firmware version?
- Appendix
- Managed configurations
- Introduction
- Deploy managed configurations
- FAQs
- FAQ Index
- What are managed configurations?
- Why should I use managed configurations?
- How do managed configurations work?
- Can I use managed configurations for Samsung Knox features?
- What is a managed configurations XML schema file?
- Which Samsung apps support managed configurations?
- How do I deploy managed configurations on an MDM console?
- Where can I get the XML schemas for Samsung apps that support managed configurations?
- Is there sample code showing how an MDM web console can deploy an iframe that renders a managed configurations XML schema?
- What email app is preloaded on Samsung devices?
- Knox Service Plugin
- Samsung Email
Before you begin
This section provides a set of instructions to follow if you're a new developer who wants to use the Knox E-FOTA service. If you're new to developing for Knox E-FOTA, read through this section to set up before you begin.
Terms
- Corp ID—This identifies MDM customers for Knox E-FOTA and their enterprise devices. A corp ID follows the following format: "mdmId/customerId/groupId", and is provided by Software license management (SLM).
- MDM ID—This identifies your company among other partners in our Knox Partner Program. The mdmId is a 10-character alphanumeric string. For example, "d1e2f3g4h5" which represents your vendor ID in Knox Partner Program.
- Customer ID—This identifies one of your enterprise customers registered to use the Knox E-FOTA service and is provided by Software license management (SLM). The
customerIdis a hyphen-separated 32-character hexadecimal string. For example, "EEEE4444-FF55-AA66-BB77-CCCCCC888888". - License—This identifies the Knox E-FOTA license purchase order and tracks customer usage of the Knox E-FOTA service for billing purposes. During development, you use a Knox E-FOTA trial license (valid for 3 months, maximum 100 devices). During commercial deployment this license is purchased. Format is: "EFOTA1-fff555-ggg666-hh77".
- Client ID—Used to generate an OAuth 2.0 access token to authenticate your identity in REST API calls. A hyphen-separated 32-character hexadecimal string, for example, "aaaa1111-bb22-cc33-dd44-eeeeee555555". Go to view your license keys to obtain your license key number, and use the license key number as your client ID.
- Client secret—Used to generate an OAuth 2.0 access token to authenticate your identity in REST API calls. A hyphen-separated 32-character hexadecimal string, for example, "bbbb2222-cc33-dd44-ee55-ffffff666666".Go to view your license keys to obtain your client secret.
- Sales code—The consumer software customization code for the device carrier. Previously called
carrierCodein Knox E-FOTA version 1. Format example: "ABC".
Requirements
- Knox Partner Program account—After creating a Samsung Account, you will have a Knox Partner Program developer account. After, you must apply to upgrade to a Knox Partner Program account.
- Knox E-FOTA REST API Key—Before using Knox E-FOTA APIs, you must first request credentials for Knox E-FOTA to obtain the REST API key, which expires after 1 year during trial. Note that you will need to be a partner before being able to do this. After your request is confirmed, you will obtain a
client_idandclient_secret. - Corp ID Knox E-FOTA license—After requesting credentials, you must then contact us to request a Corp ID and Knox E-FOTA license. During commercial deployment, this license is purchased, but while trying Knox E-FOTA you will receive a development trial license through an email sent by Software license management (SLM), which expires after 3 months. The email will have the following information:
license,CorpId,mdmId, andcustomerId. - Obtain enterprise device information—When registering enterprise devices to Knox E-FOTA, you first need to obtain the
salesCodeandserialNumber.
Create a Samsung Account
If you haven't already created a Samsung Account on the Knox Partner Program portal, follow the steps below:
- Go to the Knox Partner Program portal and click BECOME A PARTNER.
- Enter your work email address.
- In the login page, click Sign up here.
- Click the links available and read them carefully. Check the boxes and click Agree to acknowledge you have read and agree to the following terms.
- Provide the necessary information for the required fields and click NEXT to register for the Samsung Account.
- In your email inbox, open the confirmation email for the Samsung Account and click the verification link.
You have now successfully created a developer account on Knox Partner Program. Proceed to sending a request to become a Knox Partner Program partner.
Request to upgrade to Knox Partner Program partner
NOTE—Only partner accounts can have access to the Knox E-FOTA service. New developers must first enrol through the Knox Partner Program portal .
To become a Knox Partner Program partner, follow the steps below:
- Log into the Knox Partner Program portal with your developer account.
- Submit a Knox Partner Program upgrade form to upgrade from developer to partner status.
Once you've created a partner account, you're ready to request a Knox E-FOTA key.
Request credentials for Knox E-FOTA
A REST API key is required to generate an OAuth 2.0 access token to authenticate your identity in REST API calls. Once you're a Knox Partner Program partner, you can obtain a development test REST API key after requesting credentials through Knox Partner Program. During commercial deployment, you can obtain a commercial REST API key after purchasing a Knox E-FOTA license.
NOTE—Development test credentials are valid for 1 year after the issued date. For more details, read more About License Keys.
Send a request for credentials
- Log into your Knox Partner Program partner account.
- Go to your dashboard and click License Keys > My License Keys.
- Click Add License Key > Get a License Key.
- Click the Knox E-FOTA REST API Key tab.
NOTE— If you don't see this tab, your approval to upgrade may still be pending.
- Fill out the request form.
- Key request title—For example "Knox E-FOTA REST API key request".
- Customer name—Enter the company's name.
- Customer location—Enter the company's country.
- Customer website—Enter the enterprise website.
- Key alias—If your company has multiple licenses, it's helpful to enter a key alias to differentiate between multiple keys. This assigns a name label to the REST API key to help you identify a specific key when your enterprise possesses multiple keys.
- Customer industry (optional)—Enter the enterprise industry category.
- Comments (optional)—Enter any additional comments here.
- Click Request Key.
View your Knox E-FOTA REST API keys
Once you are approved to use the Knox E-FOTA service, you will receive an email. Click RETRIEVE Knox E-FOTA KEY to view your licenses.
Alternatively, follow the steps below:
- Log into your Knox Partner Program partner account.
- Go to your dashboard and click License Keys > My license keys.
- Click on your license key alias to view the license details and get:
- license key number—A hyphen-separated 32-character hexadecimal string, for example,bbbb2222-cc33-dd44-ee55-ffffff666666.
- client secret—A hyphen-separated 32-character hexadecimal string, for example,bbbb2222-cc33-dd44-ee55-ffffff666666.
You will use your license key number as your client_id with your client_secret to generate OAuth 2.0 access tokens, which are used to authenticate your identity in REST API calls.
Request a Corp ID and Trial Knox E-FOTA license
Prior to your Knox E-FOTA solution going live, enterprises must first purchase a license. While you are still developing your Knox E-FOTA solution however, you use a development license to simulate enterprise customers with paid licenses.
NOTE—The trial Knox E-FOTA license and Corp ID expires after 3 months. For more details, read more About License Keys.
To Request a Corp ID and trial Knox E-FOTA license, you will need to submit a ticket through Salesforce by following the steps below:
- Log into your Knox Partner Program partner account.
- Go to your dashboard.
- Click Support > Technical Support.
- In the topic drop-down menu, select Knox E-FOTA inquiry.
- Fill out the mandatory fields. In the Message field, ensure that you include a request for the following information in the description:
- Corp ID—This identifies MDM customers for Knox E-FOTA and their enterprise devices. A corp ID follows the following format: "mdmId/customerId/GroupId", and is provided by Software license management (SLM).
- Development test key for Knox E-FOTA—This identifies the Knox E-FOTA license purchase order and tracks customer usage of the Knox E-FOTA service for billing purposes. During development, you use a Knox E-FOTA trial license (valid for 3 months, maximum 100 devices).
- Click Finish.
After your request has been reviewed and approved by SLM, you will receive an email with your Corp ID, customer ID, MDM ID and Knox E-FOTA development key in the following email:
After obtaining the required information, you'll be ready to begin developing your web server code in the tutorials section of this guide.
Purchase a Knox E-FOTA license
Once you're ready to purchase a license, there are two ways to purchase a license:
- You can purchase a 1 year license.
- Contact your local reseller to purchase your Knox E-FOTA license.
NOTE—Make sure that you're logged in as a partner or apply to become a Knox Partner Program partner. If you login with a developer account, you will be re-directed to the Contact Us page.
You encode this info into REST API calls to the Knox E-FOTA server, and also in the Android API call used to set the allowed firmware version on a device.
