WIXLIB

IT AdminGuideUser GuideKnox Developers App (KDA)User Guide v1.0December 2017

Samsung Knox Deployment App (KDA) User GuideCopyright NoticeCopyright 2017 Samsung Electronics Co., Ltd. All rights reserved. Samsung is a registered trademark of Samsung Electronics Co., Ltd., used with permission. SamsungKNOX is a trademark of Samsung Electronics, Co., Ltd., used with permission. Specifications and designs are subject to change without notice. Non-metric weights andmeasurements are approximate. All data was deemed correct at time of creation. Samsung is not liable for errors or omissions. Android and Google Play are trademarksof Google Inc. ARM and TrustZone are registered trademarks of ARM Limited (or its subsidiaries) in the EU and/or elsewhere. Bluetooth is a registered trademark ofBluetooth SIG, Inc. worldwide. Cisco AnyConnect is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. F5Big IP-Edge Client is a registered trademark of F5 Networks, Inc. in the U.S. and in certain other countries. iOS is a trademark of Apple Inc., registered in the U.S. andother countries. Junos Pulse is a trademark of Pulse Secure, LLC. KeyVPN Client is a trademark of Mocana Corporation. Microsoft Azure and Microsoft Active Directoryare either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. NFC Forum and the NFC Forum logo aretrademarks of the Near Field Communication Forum. OpenVPN is a registered trademark of OpenVPN Technologies Inc. Oracle and Java are registered trademarks ofOracle and/or its affiliates. Other names may be trademarks of their respective owners. strongSwan is an open source software under General Public License aspublished by the Free Software Foundation. Wi-Fi is a registered trademark of the Wi-Fi Alliance. All brands, products, service names and logos are trademarks and/orregistered trademarks of their respective owners and are hereby recognized and acknowledged.Document HistoryDateChangesDecember 2017Version 1.0Contact InformationIf you want to contact us about You have these options General Knox questionsKnox Portal for comprehensive information about KnoxHow to get KnoxContact Knox Sales to try Knox, start a free trial, get pricing info, or buyKnoxTechnical questionsKnox Support for self-help resources like videos, guides, and FAQsIf you already have a Knox portal account, log in to see all the resourcesavailable to you. If you do not have an account, you can register for one.Other support optionsContact Knox SupportCopyright 2017 Samsung Electronics Co. Ltd.1

About the KnoxTM Deployment AppThe Knox Deployment App is a mobile application uniquely designed to help streamline the enterprisedeployment of Samsung phones and tablets running Knox 2.7.1 or higher. The Knox Deployment App enablescustomers to perform seamless deployment of devices through Knox Deployment Services - Knox Configure(KC) or Knox Mobile Enrollment (KME).The Knox Deployment App provides the flexible option to IT admins needing to bulk enroll end-user devices toKC and/or KME without having a reseller. Using this app allows IT Admins to reduce their bulk deploymenttime, by using a master device without factory resetting each device. Once enrolled, an IT admin can easilylocate the devices within the KC or KME portal(s).NOTE - Using the Knox Deployment APP does not apply the profile to the admin/master device. It onlybroadcasts the profile to the devices in the vicinity.NOTE – Only end-user devices within physical proximity of the admin/master device with an active KnoxDeployment App can use the Knox Deployment App to Bluetooth or NFC enroll to KC.NOTE – When using the KDA for either a NFC or Bluetooth enrollment, an end-user can still cancel enrollmentvia the Skip Setup Wizard profile setting.Bluetooth enrollmentTo support Bluetooth-based enrollment, an IT admin can install the Samsung Knox Deployment App on adedicated admin/master smartphone or tablet device, and select existing KC or KME (or both) configurationprofiles. If the user’s device is within proximity of the master device, the user device connects to the admindevice wirelessly via Bluetooth without a PIN or password requirement.NFC enrollmentWith Near Field Communication (NFC) enrollments, a non-B2B device is “bumped” (held closely together) withanother smartphone device with Knox Deployment App running and scanning in NFC mode. The dedicatedmaster NFC device displays profiles available for enrollment and end user device enrollment begins once an ITadmin selects a profile. The NFC enrollment option is not available to tablet devices.Copyright 2017 Samsung Electronics Co. Ltd.2

PrerequisitesTo support Bluetooth or NFC enrollments using the Knox Deployment App, an IT admin must: Secure a Samsung account, and ensure:o Your devices support the Bluetooth or NFC protocols. Check your device specification if unsureo You have at least one profile configured in Knox Configure or Knox Mobile Enrollment portalSecure the appropriate licenses to enroll devices (through the Samsung Knox Portal)Install the Knox Deployment on an admin/master device, and login using their Knox Portal ID/passwordSelect a KC or KME profile on the master device to apply to the end-user devicesAboutKnox Deployment App version information and available open source licenses can be referenced from withinthe ABOUT screen. Samsung recommends you periodically compare the Knox Deployment App’s version tothe latest available from Samsung to ensure you have the latest feature set and functionality available.NOTE - The screens utilized within this guide are from a smartphone. If running the Knox Deployment App ona tablet, the information on the screen would be identical, just optimized to fit the tablet’s display capabilities.The launch the Knox Deployment App’s About screen:1. Invoke the drop-down menu from the top, right-hand, side of the device and select About.2. Refer to the listed version number and note the version. If needed, select Open source licenses toreview the available open source licenses available to your Knox deployment.Copyright 2017 Samsung Electronics Co. Ltd.3

Using the KnoxTM Deployment AppThis section describes the screen flow navigation for a typical Bluetooth or NFC based enrollment using theKnox Deployment App.1. Select SIGN IN once the Knox Deployment App launches on the device.NOTE – If the Knox Deployment App is already running on the device, theinitial screen does not display, and the application displays the sign in screen.2. Enter the Knox Portal Username and Password to login into the Knox Deployment App.3. Select Remember me to display and utilize the username in subsequent Knox Deployment App logins.NOTE – If you encounter difficulty logging in to the Knox Deployment App, ensure you have either avalid Knox Portal account with privileges for KC/KME. If that is not the issue, select Forgot your emailor password? for assistance retrieving your login credentials.Copyright 2017 Samsung Electronics Co. Ltd.4

4. Select SIGN IN to proceed with the device login.Once you have successfully logged into the Knox Deployment App, a WELCOME screen displaysproviding first-time options for profile selection and deployment mode.NOTE – Once the Knox Deployment App profileselection and configuration mode are set, the selectedoptions display within their respective fields, theSTART DEPLOYMENT option enables, and theWelcome portion of screen no longer displays insubsequent logins.Profile selectionSelect a profile to utilize within the Knox Deployment App to apply specific device settings to the master admindevice using Bluetooth or NFC to enroll end user devices. For more information on Knox Configure and KnoxMobile Enrollment, go to: Appendix A.To select a configuration profile using the Knox Deployment App:1. Select Tap here to select a profile from the Welcome screen display a list of profile selection options.Copyright 2017 Samsung Electronics Co. Ltd.5

2. Optionally filter whether All profiles are listed for potential selection or just Knox Configure or KnoxMobile Enrollment defined profiles. The most recent profile additions display first within theirrespective categories.Each listed profile has a brief description to helpdetermine its relevance to a potential Bluetooth deviceenrollment using the Knox Development App.If needed, select the Search icon near the top of thescreen to display a search field where existing profilescan be located and displayed. The search function onlylocates filtered profiles.If no profiles are available, a profile requiresregistration using either the KC or KME portals atwww.samsungknox.com (valid login required).3. Select a listed profile. Once selected, the profile displays upon subsequent logins. The profile is nowready for Bluetooth or NFC deployment mode selection as described in the sections that follow.Copyright 2017 Samsung Electronics Co. Ltd.6

Bluetooth DeploymentOnce profiles are set on the master admin device, the IT admin needs to set Bluetooth as the deploymentmode and define the Bluetooth duration interval. End users can then enroll their device by entering theappropriate URL via KC or KME (but not both).To deploy devices using the KDA:1. From the admin master device, navigate to the SELECT DEPLOYMENT MODE screen and selectBluetooth as the device deployment mode.2. Set the Bluetooth Duration for either 30 minutes, 1 hour, 3 hours, 5 hours or 8 hours. Select OK tosave the duration.Note - The Bluetooth duration is deployment activation period for end userdevices receiving their profile configuration from the IT admin’s master device.Once the set duration expires, devices cannot enroll with the KnoxDeployment App, and the process must be repeated to continue theenrollment of other required devices.NOTE – The device must remain on for the entire Bluetooth duration, soensure battery resources are available if selecting a longer duration option.3. From the Knox Deployment screen, the admin selects START DEPLOYMENT to initiate the definedBluetooth Duration interval.Copyright 2017 Samsung Electronics Co. Ltd.7

NOTE - As long as the defined Bluetooth Duration interval is still countingdown, and user has not put the application in the background, the device’sdisplay will not time out.NOTE – Bluetooth must be turned on and running on the device to startdeployment. If Bluetooth is off, a prompt displays and the admin must selectTURN ON to enable Bluetooth.4. The device’s end user must go to https://me.samsungknox.com and complete the instructions provided.5. The end user then selects FINISH DEPLOYMENT to complete the enrollment.NOTE – Once completed, the Bluetooth enrolled profile displays within KC orKME with other enrolled profiles. If necessary, refer to the device’s Aboutscreen for Knox Deployment App version information and open source licenseavailability.Copyright 2017 Samsung Electronics Co. Ltd.8

NFC DeploymentOnce profiles are set on the master admin device, the IT admin needs sets NFC as the deployment mode. Ifyou are NFC enrolling a device using both KC and KME, use KC first.To deploy devices using the KDA:1. From the admin master device, navigate to the SELECT DEPLOYMENT MODE screen and selectNFC as the device deployment mode.NOTE – To deploy, both NFC and Android Beam must be on within thedevice’s Settings menu.2. Beam enrollment information by holding the admin/master device back-to-back with an NFC enabledand compatible device and then pressing the screen as illustrated below.Copyright 2017 Samsung Electronics Co. Ltd.9