Menu

Using the Knox Service Plugin with Knox Manage

Environment 

  • Knox Manage (KM)
  • Knox Service Plugin (KSP)

Overview

This article guides you through the steps on how to set up and use the Knox Service Plugin (KSP) with Knox Manage (KM), as well as explains some of the unique policies that KSP offers in KM.

How do I activate the Knox Service Plugin?

To use KSP with KM, you must first registered KM as the Android Enterprise EMM provider. See Configuring Android Enterprise environments for the registration steps. 

After you have set up your KM console for Android Enterprise:

  1. Navigate to Setting Android Enterprise.
  2. Under Samsung Knox Settings > Knox Service Plugin Application, select Add & Approve
  3. Select Save.

After your changes are saved, Knox Service Plugin Application will show as approved.

NOTE—After KSP has been approved, you no longer need to add the KSP application to the Managed Company Store. 

How do I set up Knox Service Plugin policies in Knox Manage?

KSP offers several unique policies for Samsung devices in KM, which are separated from standard Android device policies in the console. If you are configuring Samsung devices in KM, we recommend using Android Enterprise policies extended by the KSP policies, also referred to as Samsung Knox policies. 

NOTE—To use KSP, you must update the KM agent to V19.12 or higher.

You can start using KSP policies by following the steps below:

  1. Create a new KM profile. 
  2. Under Platform, select Android Enterprise
  3. Select the Samsung Knox setting that appears.

Enabling Android Enterprise > Samsung Knox installs the KSP application on the device. When you configure your device profile, all policies supported by KSP are marked with a green dot next to the policy name. 

How does the Knox Service Plugin extend Knox Manage functionality?

KSP offers a number of additional policies that provide you with more granular control over your fleet of devices. These policies include: 

Data Saver Mode 

Data Saver helps cut down on data usage by preventing some apps from sending or receiving data in the background. Any apps running in the background will not be able to use any data without user permission. 

This KSP policy, located under Samsung Knox System in KM, allows you to choose whether the user can turn Data Saver on or off.

  • If Data Saver Mode is left unconfigured or set to Allow, the device setting can be modified by the user.
  • If Data Saver Mode is set to Disallow, the device setting cannot be modified by the user, and is locked to the option it was set to before the policy was uploaded.

On Samsung devices, the Data Saver feature is set to Off by default. 

Whitelisted Device Admin

The Whitelisted Device Admin policy allows only designated apps to run with Device Admin privileges. 

If the policy is left unconfigured, activating a device admin app through Biometrics and security > Other security settings > Device admin apps prompts a message that the security policy prevents enabling device admins.  

If the policy is set to Allow, you must first add any device admin apps to the whitelist before activating device admin permissions.  

Additional information

To learn more about how KSP works, see the KSP admin guide.