Managing Samsung devices via Knox Mobile Enrollment

Before you Begin

  1. Access to a Samsung Knox account.
  2. Procure a Samsung device from an authorised reseller that is a KDP device supplier.
  3. You can also enroll devices that were not purchased from an authorised reseller. In this case you would require:
    1. A Samsung device that you want to enroll: The device should support Knox version 2.4 and above.
    2. Another device where you can install the Knox Deployment App.
  4. Create an MDM Profile for Samsung KME devices.

Enrolling Samsung Devices

Devices procured from a Registered Reseller

You can purchase devices from a Registered Reseller who can supply KME devices. Once you register a reseller, you can choose to auto-approve the devices procured from them and assign an MDM Profile that you created in the previous steps. Please follow the steps here to register a reseller and assign a default MDM Profile. The enrollment video below shows the enrollment experience on the devices.

Video Tutorial

Devices purchased from a Carrier or Directly

KME allows you to enroll devices that you may have purchased from a carrier or from online/offline stores. These devices require the following steps before they are enrolled in KME:

Pre-Requisites

  1. Target Device: On the Samsung device that needs to be enrolled, verify that the Knox version is more than 2.4. You can check this under Settings > About Phone > Software Information. For easy understanding, let us call this the Target Device in the next steps.
  2. Seed Device: You need another device to help with the enrollment. This can be any device on which you can download and install the Knox Deployment App from the Google Play Store. For easy understanding, let us call this the Seed Device in the next steps.
  3. Probably another cup of coffee :-)

Video Tutorial

A quick video demonstrating how to use the Knox Deployment App to enroll a Samsung A10 with a Device Admin MDM Profile.

Note: In case of a Device Owner Profile, the device will be factory reset before the enrollment.

Steps

  1. First, on the Seed Device, launch the Knox Deployment App. Sign in using your KME credentials.
  2. Click on Knox service and select Knox Mobile Enrollment. You will be shown the MDM Profiles that you have created on the KME console.
  3. Click on the MDM Profile that you want to enroll with. For this demo we are using a Device Admin MDM Profile, e.g. Sales-Unit-DA.
     If you select a Device Owner MDM Profile, the device will be factory reset before the enrollment starts. The enrollment flow will be similar to the one shown in the Devices procured from a Registered Reseller section.
  4. Now select the Deployment Mode, which determines how the Seed and Target devices are paired for the enrollment to start. For this demo we will use Bluetooth. The options are:
    1. Bluetooth: This mode starts the enrollment by pairing the two devices using Bluetooth. Because of its wide availability, this is the preferred option. You need to select a duration for how long Bluetooth will stay on on the target device. It normally takes about 5 minutes to enroll one device, so choose a duration appropriate to the number of devices.
    2. NFC: This mode requires that both seed and target devices have an NFC chip and support NFC beam.
    3. Wi-Fi Direct: Use Wi-Fi Direct on the target device to deploy the profile.
  5. Wi-Fi for Deployed Devices: This option is useful if you are enrolling the target device in Device Owner mode, so that after the factory reset the device can connect to a Wi-Fi network automatically.
  6. Click START DEPLOYMENT once ready.
  7. Now the focus shifts to the Target Device. On the target device, launch the browser app and navigate to https://me.samsungknox.com. Click NEXT once the page loads.
  8. This will start the enrollment process and ask you for a confirmation. Click NEXT again.
  9. At this point, the seed and target devices will be paired, and if it succeeds you will see the following screen. Click NEXT.
  10. Once you agree to the Samsung Knox Terms, the device will start enrolling by downloading the Scalefusion APK, launching it, and taking you directly to the permissions screen. If it succeeds, you will see the following screen.
     If you had selected a Device Owner MDM Profile, the device will be factory reset.
  11. From this point onwards, this is the normal Scalefusion setup process. Please grant all the permissions and complete the setup. Once the device is enrolled, it will start appearing in the Samsung KME portal and also in the Scalefusion Dashboard:
    1. Samsung KME Portal > Devices
    2. Scalefusion Dashboard > Devices

Un-enrolling a Device or Deleting a Device

  1. To un-enroll a device from the KME program, delete the device from the Samsung KME portal. This only deletes the device from the KME program and makes sure that the device does not enforce the enrollment upon a subsequent factory reset or if you uninstall the Scalefusion app.
     Note that this step is irreversible and would require you to re-enroll the device using the Knox Deployment App to manage it via KME.
  2. The step above removes the device from the KME program. However, the device is still managed by Scalefusion. To remove the device management, please follow the steps below:
    1. Delete the device from the Scalefusion Dashboard.
    2. Uninstall the Scalefusion app from the device system settings. Note that if the device was set up as Device Owner, it may require a factory reset.

Frequently Asked Questions

Question: Why do we have to complete the EMM setup to use Samsung KME Program?

Answer: Samsung works closely with the Android Enterprise program, and the Device Owner profile type helps you leverage the EMM features in addition to the Knox features.

Question: The devices that we procured from a reseller do not appear in Samsung KME portal?

Answer: Please contact your reseller to make sure that they have uploaded the list.

Question: Scalefusion app is not downloaded on the devices that we procured from a reseller?

Answer: Please make sure that you have assigned an MDM Profile to the devices uploaded by the reseller. Please follow the guide here to assign a profile once you have created the MDM Profile.

Question: We see an error that the Device is not supported when trying to enroll the device using Knox Deployment Program?

Answer: This can happen for the following reasons:

  • Knox Version: The device does not support the minimum Knox version required. At the time of writing, the minimum version was Knox 2.4. Please make sure that the OS and firmware are updated and try again.
  • Conflicting Device & KME Region: This may happen if the device that you are enrolling does not belong to the region where you have the KME account. If you purchased a device in the LATAM/NorthAm region, you would require access to the US KME portal; similarly, for devices procured in RoW, you would require access to the normal KME portal.

