Samsung Knox bulk enrollment 编辑
To enroll multiple Samsung Knox devices into XenMobile (or any mobile device manager) without manually configuring each device, use Knox Mobile Enrollment. The enrollment occurs upon first-time use or after a factory reset. Admins can also pass user names and passwords directly to the device, so users don’t need to enter any information upon enrollment.
Note:
The setup for Knox Mobile Enrollment is not related to the XenMobile Knox container. For more information on Knox Mobile Enrollment, see the Knox Mobile Enrollment Admin Guide.
Prerequisites for Knox Mobile Enrollment
- XenMobile must be configured (including licenses and certificates) and running.
- Secure Hub APK file. You upload the file when setting up Knox Mobile Enrollment.
- For a list of KME requirements, see the Knox Mobile Enrollment Introduction.
- Samsung Knox Platform for Enterprise (PKE) license, required to apply device policies. Provide the license key in the XenMobile device policy, Knox Platform for Enterprise.
To download the Secure Hub APK file
Go to the Google Play store to download the Citrix Secure Hub for Android file.
Configure firewall exceptions
To access Knox Mobile Enrollment, configure the following firewall exceptions. Some of these firewall exceptions are required for all devices and some are specific the device’s geographical region.
| Device Region | URL | Port | Destination |
|---|---|---|---|
| All | https://gslb.secb2b.com | 443 | Global load balancer for Knox Mobile Enrollment initiation |
| All | https://gslb.secb2b.com | 80 | Global load balancer for Knox Mobile Enrollment initiation on some limited legacy devices |
| All | umc-cdn.secb2b.com | 443 | Samsung agent update servers |
| All | bulkenrollment.s3.amazonaws.com | 80 | Knox Mobile Enrollment customer EULAs |
| All | eula.secb2b.com | 443 | Knox Mobile Enrollment customer EULAs |
| All | us-be-api-mssl.samsungknox.com | 443 | Samsung servers for IMEI verification |
| United States | https://us-segd-api.secb2b.com | 443 | Samsung Enterprise Gateway for US region |
| Europe | https://eu-segd-api.secb2b.com | 443 | Samsung Enterprise Gateway for European region |
| China | https://china-segd-api.secb2b.com | 443 | Samsung Enterprise Gateway for China region |
Note:
You can find a full list of firewall exceptions in the Knox Mobile Enrollment Admin Guide.
Getting access to Knox Mobile Enrollment
Follow Samsung documentation to get access to Knox Mobile Enrollment at Get started with KME.
Setting up Knox Mobile Enrollment
After you get access to Knox Mobile Enrollment, log in to the Knox portal.
The enrollment process follows these general steps.
Create an MDM profile with your MDM console information and settings.
The MDM profile indicates to your devices how to connect to your MDM.
Add devices to your MDM profile.
You can either upload a CSV file with device information or install and use the Knox deployment app from Google Play.
Samsung alerts you when device ownership is verified.
Provide users with MDM credentials. Instruct them to connect to the Internet using Wi-Fi and to accept the prompt to enroll their device.
To create an MDM profile
Follow the steps outlined in Samsung documentation on Profile Configuration.
When you encounter the following fields or steps, configure them as described:
- Pick your MDM: Select Citrix from the menu. Only for device owner profiles.
MDM Agent APK: Only for device owner profiles. Type the Secure Hub APK download URL:
https://play.google.com/managed/downloadManagingApp?identifier=xenmobile.The APK file can reside on any server that the devices can access during enrollment. During enrollment, a device:
- Downloads Secure Hub from APK download URL
- Installs Secure Hub
- Then opens Secure Hub with the custom JSON data described next.
The capitalization of the .apk file name must match the URL you enter. For example, if the file name is all lowercase, it must also be all lowercase in the URL.
- MDM Server URI: Do not specify an MDM server URI. XenMobile does not use the Samsung MDM protocol.
Custom JSON Data: Secure Hub needs the XenMobile server address plus the user name and password for enrollment. You can provide that data in JSON so that Secure Hub doesn’t prompt users for it. Secure Hub prompts users for server address, user name, or password only if the field is omitted from the JSON.
The format for custom JSON data is:
{"serverURL": "URL", "xm_username":"Username", "xm_password":"Password"}In this example, typical for bulk enrollment, Secure Hub doesn’t prompt users for the server address or their credentials during enrollment:
{"serverURL":"https://example.com/zdm", "xm_username":"userN", "xm_password":"password1234"}{"serverURL":"https://pmdm.mycorp-inc.net/zdm", "xm_username":"userN2", "xm_password":"password7890"}In this example, typical for kiosk-based devices, Secure Hub prompts users for their credentials:
{"serverURL":"https://example.com/zdm"}You can also enter custom JSON for zero-touch enrollment for Android Enterprise.
{ "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE": { "serverURL":"URL","xm_username":"username","xm_password":"password" } } <!--NeedCopy-->
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论