Knox Mobile Enrollment

Introduction

Knox is a security platform for Samsung devices that enables centralized and secure management of mobile endpoints in enterprise environments. The platform supports efficient device provisioning, configuration, and protection.

Samsung Knox Mobile Enrollment (KME)

Samsung Knox Mobile Enrollment (KME) enables automated provisioning of Samsung devices for management in a Mobile Device Management (MDM) system such as Relution.

After a device is powered on for the first time and connected to the internet, the setup process starts automatically. Even after a factory reset, the device automatically re-enrolls into the assigned MDM system.

KME provides functionality comparable to Apple’s Device Enrollment Program (DEP).

Requirements

  1. Samsung devices can be registered in the KME program directly by authorized resellers using the device serial number.

  2. Devices not purchased through authorized resellers can be added manually:

    • by scanning a dedicated QR code during device setup
    • or by using the Knox Mobile Deployment app on an additional Samsung device

The KME program is provided free of charge after registration in the Samsung Knox Portal.
Samsung Knox Portal →

The Knox Mobile Enrollment configuration available in the Relution settings must not be used. This configuration is outdated, intended exclusively for Android Legacy, and only supported up to Android version 10.

Instead, use the following guide:
Link organization →

Combining KME with Android Enterprise

Samsung Knox Mobile Enrollment can be combined with the following Android Enterprise enrollment types:

  • Managed Device
  • Managed Device with Work Profile (COPE – Company Owned, Personally Enabled)

KME Enrollment in Relution

Preparing Enrollment in Relution

  1. Navigate to Devices → Enrollments.
  2. Select Add.
  3. Configure:
    • Platform: Android Enterprise
    • Type:
      • Set up Managed Device
      • or Set up Managed Device with Work Profile
  4. Enable the Multiple Enrollment option.
  5. Select a long-term expiration date (e.g., 100 years).
  6. Save the enrollment.

After saving:

  • Open the created enrollment.
  • Navigate to Enrollment Information → Via DPC Identifier.
  • Copy the provided KME Custom JSON for later use in the Knox Portal.

Creating a KME Profile in the Samsung Knox Portal

  1. Sign in to the Samsung Knox Portal →
  2. Navigate to Profiles.
  3. Select CREATE PROFILE.

Profile Settings

  • Assign a profile name and description.
  • Enable EMM.
  • Disable Knox Service Plugin.
  • Continue with Next.
  • Complete the contact information.

EMM Information

  • Under Select your EMM (required) choose: Other
  • In Link to agent APK (required) enter:
    https://play.google.com/managed/downloadManagingApp?identifier=setup
  • Continue with Next.
  • Insert the DPC generated in Relution under DPC Extras.
  • Paste the previously copied JSON into Custom JSON Data.
  • Finish by selecting Create.

Optional: Creating a QR Code

A QR code can be created for device enrollment or for adding new devices to KME.

Procedure:

  1. Select ADD A QR CODE.
  2. If the devices were not pre-registered by a reseller, enable the option "Also allow QR Code enrollment for devices not uploaded by a reseller".
  3. Optionally configure Wi-Fi settings to simplify bulk device provisioning.
  4. Confirm with ADD.

To use the QR code, draw a plus sign (+) on the Samsung welcome screen. This opens the QR code scanner.

Linking Devices to the Profile

If no QR code is used:

  1. Navigate to Devices in the Knox Portal.
  2. Select the desired devices.
  3. Choose Actions → Configure Devices.
  4. Power on the devices.