Back to top

Knox VPN Tools

Last updated February 1st, 2024

Samsung Knox devices provide defense-grade VPNs and continually offer new and evolving VPN capabilities to satisfy the strictest requirements for data in transit.

The Knox Partner Portal provides two apps to enable advanced Knox VPN features:

Android VPN Management for Knox

Version 3.0.18

The built-in Android VPN client is one of the VPN clients that enterprises can use. It is available on all Samsung devices but has been limited to simple VPN configurations as seen in the Android Settings app. Samsung devices come with an enhanced version of the Android VPN Service. The built-in Android VPN client wasn’t designed to take advantage of our advanced VPN capabilities, limiting its use in enterprise environments. Modifying the client to support our enhancements would have required us to maintain our own version of the client and have our client separately certified for FIPS compliance.

We chose to leave the built-in Android VPN client unmodified and instead added a management app to sit in between our enhanced VPN framework and the Android VPN client. This management app is called Android VPN Management for Knox and unlocks advanced Knox VPN features such as:

  • Per-app connections
  • On-demand connections
  • Device-wide connections
  • Always-on connections
  • Blocking routes to prevent data leakage if a mandatory VPN connection drops
  • Proxy support, with and without authentication

To deploy our Android VPN Management for Knox app:

  1. Log in to Knox Developer Dashboard.

  2. Download the Android VPN Management for Knox APK.

  3. Push the APK to a device or work profile on a device.

The new Knox app is backwards compatible with devices running earlier, pre-3.6 versions of Knox.

USB Tethering Authentication for VPN

Version 1.2

With Knox 3.5, Samsung Knox devices could extend a VPN tunnel to a laptop connected through USB. This provided laptop users with the ability to access internal enterprise resources using our defense-grade mobile VPN network. In addition to providing convenience when laptops do not have network connectivity, this offers company cost savings by removing the need to buy additional VPN licenses for laptops.

Knox 3.6 enhanced this feature with better security through a new app that enables Samsung Knox devices to verify that a laptop is owned by the device user. When the user connects a laptop to a Samsung Knox device via USB, the app validates the user certificate on the laptop with allowed certificates installed by the IT admin on the device.

To deploy the new app to authenticate connected laptops:

  1. Log in to Knox Developer Dashboard.

  2. Download the USB Tethering Authentication for VPN APK.

  3. Configure a UEM profile to push and deploy the APK to devices.

  4. Identify the certificates of laptops allowed to connect via USB to each device for VPN access.

The APK provided on the Knox Partner Portal supports only Samsung One UI flagship devices such as the Galaxy S/A/J and Tab S/A. We also have One UI Core devices such as the A21, Tab A7, M51, M31s, and A12. To deploy USB-tethered VPNs on a One UI Core device, please contact us to get another APK that uses a different Samsung platform signing key.



Already enrolled?




Is this page helpful?