Enrollment of Work-Managed devices using Samsung KME

Content

MaaS360 provides support for KME-based Device Owner mode (Android Enterprise) enrollments. With this feature, organizations can pre-configure work-managed devices through Samsung KME so that devices automatically enroll into MaaS360 in DO mode after the first boot or on device reset. Note: Supports only Device Owner (DO) mode enrollment and applicable only on Samsung devices with Knox 2.8+.

Checklist

To use KME with DO mode enrollment, you need to meet the requirements:

• Devices procured from authorized reseller partner who transmits IMEI or serial numbers to Samsung Knox portal and sets up a KME enrollment account for your organization.
• Compatible devices running Samsung Knox 2.8 and above.

Create enrollment configuration in the MaaS360 portal

The MaaS360 administrators can create multiple enrollment configurations to provide different provisioning options for the devices. Each configuration consists of EMM Device Policy Controller (DPC) that will be installed on the devices. The configuration can be downloaded in the JSON format and the JSON-formatted text must be copied over to the MDM profile in Samsung KME portal.

To create an enrollment configuration,

1. In the MaaS360 portal, click Devices > Enrollments.

2. In the Enrollments page, click Other Enrollment Options > Android zero-touch enrollment.
Result: Android zero touch enrollment dialog box appears.

3. Provide the enrollment details and click Save.
Result: The DPS extras JSON file is displayed.

4. Download the JSON file.
Note: Use the JSON text in the KME with Device Owner section.

Set up Samsung Knox portal

The enrollment configuration created in the MaaS360 portal is pushed down to the devices via Samsung Knox portal.

To add configuration to the Samsung Knox portal,

1. Sign in to Samsung Knox portal.

2. Click MDM Profiles tab, and then click Add.

3. In the MDM profile Details section, provide the following details:

• Profile Name: Provide a name that defines the purpose of the configuration such as QA Team or Interns.
• MDM Agent APK: Select latest MaaS360 agent apk file.
• Enable this app as a Google Device Owner: Must be enabled to enroll the device in DO mode.
• Supported MDM: Select MaaS360 from the drop-down.
• Leave all system apps enabled: Enable this option to retains all system apps on the device after enrollment.
• Custom JSON Data: Copy the JSON-formatted text created via the MaaS360 portal.

4. Click Save.

Assign configuration to devices

After creating the configuration, it can be assigned to devices for deployment. When the configuration is applied, the devices automatically provisions themselves on first boot or next factory reset. The devices enter Device Owner mode as part of activation.

To assign the configuration to devices,

1. In the Samsung KME portal, click Devices > All Devices.
2. Select the device, click Configure.
3. In the Device Details window, select an MDM profile.

4. Click Save.

Result: The configuration is assigned to the device.

Device activation

After the device reset, users will have to connect the device to a secure Wi-Fi connection to initiate the zero-touch enrollment.