Samsung Knox Mobile Enrollment (KME) allows a large number of Samsung devices to be connected to Cortado MDM/Cortado Server automatically.
Note! Create up to four additional administrator accounts to configure Cortado MDM.
- In order to use KME you firstly need to create a user account for your firm on the Samsung Knox website.
- When using Cortado MDM: As soon as you have created your user account you can open the KME console via the Cortado Administration Portal. To do so, select Administration→ Settings→ Android Enterprise→ KNOX Mobile Enrollment Console (arrow in illus.) and log in with your KME user account.
- When using Cortado Server: Open the KME using the following link and log in with your KME user account.
If your reseller is also participating in KME, the devices you purchase from them can be automatically assigned to your user account.
- Open the menu item Resellers in the KME console (left arrow in illus.).
- Request the Reseller ID from your reseller and provide them with your Knox Customer ID (illus.).
- Then enter the Reseller ID under Register reseller (right arrow in illus.).
As soon as your reseller has loaded your devices into your user account, you will find them under the menu item Devices.
Note! If your reseller does not participate in Knox Mobile Enrollment, you can register your devices manually. Instructions for this can be found here.
Creating MDM profile
- Now open the menu item Profiles (left arrow in illus.). Here you can create the MDM profile that will be used to connect the user devices with the MDM server.
- Click on Create profile (right arrow in illus.).
- Then select Android Enterprise.
- Configure the Android Enterprise profile settings as follows:
- Profil name: Enter a profile name.
- Description: Standard profile for KNOX Mobile Enrollment with Cortado MDM
- Pick your MDM: Cortado
- MDM Agent APK: will be filled in automatically
- MDM Server URI: Enter the address of the User Portal here:
- When using Cortado MDM: This will comprise the host name of the Cortado Administration Portal and the extension /up (e.g. https://go.mycortado.com/up). (You can find the host name of the Cortado Administration Portal in the address line of your browser.).
- When using Cortado Server: This will comprise the DNS address of your Cortado server and the extension /up (e.g. https://mdm.ccsdemo.de/up)
- Click Continue for further configuration of the profile:
- Custom JSON Data (as defined by MDM):
- Enter the following lines, replacing XXXXXX with the address of your Cortado MDM host (e.g. run.yourcortado.com) or your Cortado Server (e.g. mdm.ccsdemo.de). You can find the host name in the address bar of the Cortado Administration Portal.
- "solutionType": Depending on whether the devices are only for business use (COBO), or business and private use (COPE), enter the "solutionType": "FM" here when using COBO, and the "solutionType": "WPCOD" when using COPE.
Note! The section [your -server-name] or [your-host-name] is a part of the URL you configured above, without the "https://" and "/up" portions.
Configure the profile according to your preferences. Also make use of the information on the Knox help page for this.
- Open the menu item Devices. There you will find all the devices your reseller has registered for you.
- Now select the devices to which you wish to distribute your MDM profile (left arrow in illus.) and then click on Actions→ Configure devices (right arrow in illus.).
- In the Device Details window select your MDM profile (arrow in illus.).
- You can also optionally enter the user ID and/or the password for the user for whom the device is to be brought into service. If you are using Cortado MDM, use the user’s email address for this. If you are using Cortado Server enter instead the user’s AD logon name.
Starting up devices
The devices to which an MDM profile has been assigned can now be brought into service. On starting the Samsung device, the user will be asked for a user name and a password, unless you added the access data (user ID/password) in the previous step.
Cortado Server users log in with their Active Directory login credentials.