Knox Service Plugin (KSP)

The Knox Service Plugin app allows the Knox Platform for Enterprise (KPE) features for Samsung devices. For more information, see KSP.

Prerequisites:

• Latest Knox version.

• Knox KSP support in Enterprise Mobility Management (EMM).

• Register EMM with Google for Managed Access.
  

• KSP License number <> and Expiration date <>

Register EMM with Google:

To check the registration status:
Login to VMware Workspace ONE UEM (fomerly AirWatch) > Groups & Setting > All Settings > Devices & Users > Android > Android EMM Registration > Android EMM Registration Status: Successful.

Enrolling the device:

To enroll a device:

1. Select Device & Users > Android > Enrollment Settings.

2. In the Current Setting, choose Override.

3. In the Work Managed Enrollment Type (non-G suite only), select USER-BASED.

4. In the Fully-Managed Device Enrollments, select WORK MANAGED DEVICE.

Configuring the Enterprise Mobility Management (EMM):

Perform the following:

1. Create a User.
   Accounts> List view> Add (Drop Down)> Add User and enter details.

2. Create an Assignment Group (AG).

3. Select Groups & Setting> Groups> Assignment Groups> Add Smart Group and provide a name.

4. Click on Devices Or Users, add the user created, and Save.

5. Create a Profile.

   1. Select Devices> Profiles>Add (Drop Down)> Add profile> Android, click on General .

      1. Enter the name created.

      2. Add the Smart Group created.

   2. Add a certificate (optional).

6. Select Credential> Configure> Credential Source (Upload)> Provide the Credential Name>upload the Certificate.

7. The certificate installed has a random alias name hence a manual installation of certificate in the workspace is recommended

8. Adding apps

   1. Apps & Books> Native> Public> Add Application.

   2. Platform> Android, Source> Search App Store> Knox Service Plugin→ select the Samsung KSP> Approve> Approve> Done.

   3. Click Save & Assign.

   4. Add Assignment> Click on Assignment Groups> Select the AG created earlier.

   5. App Delivery Method> Auto.

   6. Enable Managed Access.

   7. Pre-Release Version> Beta.

   8. App Configurations> Edit.

9. In the KSP Application Configuration, perform the following:

   1. Profile Name: Enter a name.

   2. KPE Premium Key: Enter the KSP premium key.

   3. Debug Mode-Enable. This helps identify profile failures.

10. In Work Profile Policies (Profile Owner) section, add the following:

    1. Enable work Profile configuration controls: Enable.

    2. Allow adding apps from personal space to work profile: Enable.

    3. VPN type: Work Profile.

    4. Enable on-demand VPN: Disable.

    5. Manage list of apps that can bypass VPN: list of samsung vpns.

    6. Name of VPN profile to use: Ensure this is the same as the KSP application name provided.

    7. Enable VPN Chaining: Disable.

11. In VPN Profiles (Premium) section, add the following:

    1. Profile name: PulseVPN.

    2. Vendor: Pulse Secure.

    3. Host: Enter host details.

    4. VPN Connection type: SSL.

    5. Include UID/PID data: Disable.

    6. Certalias: <Enter a name>.

12. In the Certificate management policies, select Enable in Allow applications to read private keys without alerting user (Configure profiles below).