Back to top

Knox Validated Program requirements


The Knox Partner Program provides resources and direct global support for partners ready to build a strategic relationship with Samsung. The Knox Validated Program gives partners more opportunity for greater support and promotion from Samsung.

We refer to Mobile Device Management (MDM), Enterprise Mobility Management (EMM), and Unified Endpoint Management (UEM) collectively as MDM in this guide.

To qualify for a Knox Validated partner solution, MDM partners MUST meet the requirements and, optionally, recommendations presented in this topic.

You can learn more about the Knox Partner Program and the associated benefits on the Knox Partner Program page.

Requirements and recommendations

Code Item Category Requirement or recommendation Related Product Notes
KSP-001 MDMs MUST support OEMConfig (using Managed Google Play). Functionality Requirement KPE/KSP For more details, see OEMConfig.
KSP-002 MDMs SHOULD also support OEMConfig without Managed Google Play (using API-based private or internal app installation and managed configurations) for on-premise environments. Functionality Recommendation KPE/KSP

For more details about Managed Configuration (API), see Device Policy Manager > Set Application Restrictions.

For more details about private or internal app installation (API), see Knox SDK API reference > Application Policy.

KSP-003 MDMs SHOULD also support OEMConfig for the personal space in COMP mode (using API-based private or internal app installation in DO) for STIG compliance. Functionality Recommendation KPE/KSP MDMs SHOULD support AE COMP mode. For more details about STIG compliance, see KSP Admin Guide > STIG Guidelines.
KSP-004 MDMs MUST support OEMConfig feedback channel. Functionality Requirement KPE/KSP For more details, see OEMConfig.
KSP-005 MDMs MUST show Knox policies as part of Android Enterprise policies in the console UI. UX Requirement KPE/KSP This requirement speaks to the discoverability and consistency of KSP user experience in the MDM console. For a detailed list of user experience requirements, see KSP user experience guidelines.
KSP-006 MDMs SHOULD enable the Knox Service Plugin shortcut from Managed Google Play Store. After setting up KSP once, the user should be able to access Knox policies immediately using the Knox policy hook in the MDM console. UX Recommendation KPE/KSP This requirement speaks to the discoverability and consistency of KSP user experience in the MDM console. For a detailed list of user experience requirements, see KSP user experience guidelines.
KSP-007 MDMs MUST provide context when showing KSP results to User. UX Requirement KPE/KSP

To ensure that users receive the necessary information resulting from an action they performed in KSP, we recommend:

  1. Show KSP results separate from other apps.
  2. For items where the field exists in the schema, provide the field title and path within the feedback. For example, for the key "doAppMgmtBatteryWhitelist", show the field's title as "Battery optimization whitelist" and the path as "Device-wide policies > Application management policies".

For a detailed list of user experience requirements, see KSP user experience guidelines.

KSP-008 MDMs MUST support four-level schema hierarchy for OEMConfig Functionality Requirement KPE/KSP For better UX, we require that you follow the schema rendering guidelines described in KSP user experience guidelines.
KSP-009 MDMs SHOULD enable easy navigation and readability of KSP policies by following the scheme rendering recommendations UX Recommendation KPE/KSP Additionally, we recommend that the console UI:
  1. Maximize screen real estate through the use of resizable popups or an iFrame.
  2. Provide context by showing Group and path of a policy.
  3. Avoid any UI that requires theuser to scroll horizontally.
  4. Show full policy title where possible, for example, the user can hover over the title to reveal the entire title if space on-screen is limited.
KME-001 Users MUST be able to directly download the MDM agent through a designated URL on Managed Google Play or your own web server. Functionality Requirement KME This requirement ensures that the user is able to download and install the MDM client without the need to follow complicated download instructions.
KME-002 MDMs MUST implement KME-DO integration so that users can install these components automatically and launch them during the initial device setup process using KME. Functionality Requirement KME We require that the MDM supports Google’s Device Owner provisioning.
KME-003 MDMs SHOULD support passing of user credentials through KME. Functionality Recommendation KME Passing user credentials to the device through KME reduces the chances of user error when setting up the device.
KME-004 MDMs SHOULD provide an integrated user experience for KME functionality — such as reseller, profile, and device management — through their consoles using the KME API. Functionality and UX Recommendation KME Providing an integrated experience ensures that users are able to perform device management activities with ease.
COM-001 MDMs SHOULD include information about the following in their console documentation: Documentation Recommendation Common

MDM console documentation should include the following information:

  1. Set up and configuration instructions.
  2. Instructions on using the KSP debug mode to help users test KSP and device configurations on a limited number of devices. Debug mode helps users see policy results and errors, if any, on a device without impacting the entire fleet of devices.
  3. KSP error messages and troubleshooting procedures for common scenarios.

All of this information and more is available in the KSP Admin Guide.

Is this page helpful?