Samsung Knox Mobile Enrollment (KME) allows a large number of Samsung devices to be connected to Cortado MDM automatically.
Note! Create up to four additional administrator accounts to configure Cortado MDM.
- In order to use KME you firstly need to create a user account for your firm on the Samsung Knox website.
- As soon as you have created your user account you can open the KME console via the Cortado Administration Portal. To do so, select Administration→ Settings→ Android Enterprise (using Cortado MDM)→ KNOX Mobile Enrollment Console (arrow in illus.) and log in with your KME user account.
Adding devices
If your reseller is also participating in KME, the devices you purchase from them can be automatically assigned to your user account.
- Open the menu item Resellers in the KME console (left arrow in illus.).
- Request the Reseller ID from your reseller and provide them with your Knox Customer ID (illus.).
- Then enter the Reseller ID under Register reseller (right arrow in illus.).
As soon as your reseller has loaded your devices into your user account, you will find them under the menu item Devices.
Note! If your reseller does not participate in Knox Mobile Enrollment, you can register your devices manually. This can be done using the Knox Deployment App or the Knox QR code method, for example.
Creating MDM profile
Note! Device admin supported KME profiles are not supported with Android 11 and above supported devices.
- Now open the menu item Profiles (left arrow in illus.). Here you can create the MDM profile that will be used to connect the user devices with the MDM server.
- Click on Create profile (right arrow in illus.).
Configure the Android Enterprise profile settings as follows:
- Profil name: Enter a profile name.
- Profile description: Standard profile for KNOX Mobile Enrollment with Cortado MDM
- Company name: Enter the name of your company here.
- Support email and Support phone number: Enter the relevant information here.
- Then click on Next.
- Pick your EMM: Select Cortado MDM in the drop-down menu (upper arrow in illus.).
- ENM agent APK: The EMM agent APK is then stored automatically.
- Specify an EMM server URL: Place a tick in the checkbox (middle arrow in illus.).
- EMM Server URL: Then enter the address of the My Cortado user portal: This is made up of the host name of the Cortado administration portal and the ending /web/up (e.g. https://go.mycortado.com/web/up) (lower arrow in illus.). (You can find the host name of the Cortado administration portal in the address bar of your browser).
- Click Continue for further configuration of the profile:
- DPC extras for Cortado MDM: Copy the following settings to the clipboard and paste them here. Please note that the entry under “solutionType” depends on the type of use of the devices.
Enter the following for COBO devices that are only used for business purposes (example in the image):
{
"host": "go.mycortado.com",
"solutionType": "FM",
"type": "kme"
}Enter the following for COPE devices that are used for both business and private purposes:
{
"host": "go.mycortado.com",
"solutionType": "WPCOD",
"type": "kme"
}Please note! If you use both COBO and COPE devices, simply create two KME profiles.
- Configure the profile according to your preferences. Also make use of the information on the Knox help page for this.
- Click on Create when your profile is configured.
Configuring devices
- Open the menu item Devices. There you will find all the devices your reseller has registered for you.
- Now select the devices to which you wish to distribute your MDM profile (left arrow in illus.) and then click on Actions→ Configure devices (right arrow in illus.).
- Under Profile select your MDM profile (arrow in illus.).
- You can also optionally enter the user ID and/or the password for the user for whom the device is to be brought into service. If you are using Cortado MDM, use the user’s email address for this.
Starting up devices
The devices to which an MDM profile has been assigned can now be brought into service. On starting the Samsung device, the user will be asked for a user name and a password, unless you added the access data (user ID/password) in the previous step.
Cortado MDM users must first create a password for this using the invitation email and their email address. Alternatively, when using user import you can provide a password for the users. Users imported from Microsoft Entra ID log in with their Microsoft account.