Menu

Configure SSO settings

The Knox Partner Program dashboard can be set up for use with several identity management providers. See below for detailed steps on how to integrate Knox Partner services with your specific provider.

NOTE — If you enable SSO as a sign-in method, you cannot use your Samsung Account to sign into Knox services.

Configure Microsoft Azure AD SSO settings

On the Microsoft Azure portal

Add the Samsung Knox and Business Services app:

  1. Under Azure services, click Azure Active Directory.
  2. In the left sidebar, click Enterprise Applications.
  3. Select New application.

    Select New application

  4. In the Browse Azure AD Gallery section, enter Samsung Knox and Business Services in the search box.
  5. Select the Samsung Knox and Business Services app from the results and add it.

Then, assign users and groups to the Samsung Knox and Business Services app:

  1. In the left sidebar, click Users and groups.
  2. Click Add user/group.
  3. On the Add Assignment screen, under Users and groups, click None Selected.
  4. In the list of users and groups, search for and select the users and groups to assign to the app. Then, click Select.

    NOTE — Selected users must have an Azure Active Directory account.
  5. At the bottom of the screen, click Assign to allow the users to access the app.

Connect to AD SSO

Finally, follow the steps below to set up the Basic SAML configuration:

  1. On the Azure portal, select the Samsung Knox and Business Services application page, navigate to the Manage section and select Single sign-on.

    Navigate to Manage section on Azure Portal

  2. Select SAML as the single sign-on method.
  3. Under Basic SAML Configuration:

    • For the Identifier (entity ID) field, enter https://www.samsungknox.com/.
    • For the Reply URL (assertion consumer service URL) field, enter https://central.samsungknox.com/ams/ad/saml/acs.
    • For the Sign on URL field, enter https://accounts.samsung.com/.
  4. Under SAML Signing Certificate, copy the App federation metadata URL.

    copy the App federation metadata URL

  5. Navigate to the Knox Partner Program dashboard. Click your profile icon > My account. On the account settings page, click SSO SETTINGS. Under App federation metadata URL, paste the value you copied in Step 4.

    AD SSO Settings in KPP dashboard

  6. Click CONNECT TO SSO.
  7. In the AD sign-in window that appears, enter your AD credentials.

Configure Ping Identity SSO settings

On the Ping Identity portal

  1. In the left sidebar, click Connections, then Applications.

    Applications in left sidebar

  2. Click Add Application.
  3. Under SELECT AN APPLICATION TYPE, select WEB APP. In the prompt that appears, next to SAML, click Configure.

  4. On the Create App Profile screen, enter the following information:

    • APPLICATION NAME — Samsung Knox and Business Services
    • DESCRIPTION — Samsung Knox is a comprehensive suite of enterprise solutions for security, manageability, and productivity.

    Then, click Next.

  5. On the Configure SAML Connection screen, under PROVIDE APP METADATA, select Manually Enter.
  6. Under ACS URLS, enter https://central.samsungknox.com/ams/ad/saml/acs.
  7. Under ENTITY ID, enter https://www.samsungknox.com/.
  8. Under Assertion validity duration, enter 60 seconds, then click Save and Continue.
  9. For PingOne users — on the Attribute Mapping screen, under SAML ATTRIBUTES, click ADD ATTRIBUTE > PingOne Attribute. Then, enter the following information in the new attribute:

    • PINGONE USER ATTRIBUTE — Email Address
    • APPLICATION ATTRIBUTEhttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/name.
    • Select the Required checkbox.

    For PingFederate users — add a new attribute for Email Address and map it to the following application attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

  10. Then, click Save and Close.
  11. On the Applications screen, locate the Samsung Knox and Business Services item and click the toggle to enable it.
  12. Expand the application details and click Configuration. Note the IDP METADATA URL for later.

Connect to Ping Identity SSO

  1. Navigate to the Knox Partner Program dashboard. Click your profile icon > My account. On the account settings page, click SSO SETTINGS. Under App federation metadata URL, paste the IDP METADATA URL value you copied in Step 12.

    Ping Identity SSO Settings in KPP dashboard

  2. Click CONNECT TO SSO.
  3. In the log in window that appears, enter your Ping Identity credentials.

Configure Okta SSO settings

On the Okta portal

First, you need to add the Samsung Knox and Business Services application to your Okta Admin Dashboard. To do so:

  1. Log in to your Okta Administrator Dashboard. In the left sidebar, click Applications.

    Click applications in administrator dashboard

  2. On the Applications screen, click Browse App Catalog.
  3. In the search bar, enter Samsung Knox and Business Services.
  4. Click the Samsung Knox and Business Services app, then click Add.

Once the Samsung Knox and Business Services app is added to your Dashboard:

  1. Assign your user to the app.
  2. Under the Sign on tab, right-click the Identity Provider metadata link and copy it.

    Copy the identity provider link

Connect to Okta SSO

  1. In the top right corner of your Knox dashboard, click the avatar icon to access your account settings. Then, in the left sidebar, click SSO SETTINGS.
  2. Navigate to the Knox Partner Program dashboard. Click your profile icon > My account. On the account settings page, click SSO SETTINGS. Under App federation metadata URL, paste the Identity Provider metadata link you copied from your Okta Admin Dashboard.

    Okta SSO Settings in KPP dashboard

  3. Click CONNECT TO SSO.
  4. In the log in window that appears, enter your Okta credentials.