Samsung KNOX User Guide (Enterprise) 1

Samsung KNOX User Guide
Enterprise Edition
September 2013 Version: 1.0
Copyright Notice Copyright 2013 Samsung Electronics Co. Ltd. All rights reserved. Samsung is a registered trademark of Samsung Electronics Co. Ltd. Specifications and designs are subject to change without notice. Non-metric weights and measurements are approximate. All data were deemed correct at time of creation. Samsung is not liable for errors or omissions. All brand, product, service names and logos are trademarks and/or registered trademarks of their respective owners and are hereby recognized and acknowledged.
Document Information This document was last modified on September 19, 2013.
Contact Information Samsung Enterprise Mobility Solutions Santa Clara Samsung Telecommunications America, Ltd 3920 Freedom Circle; Ste 101 Santa Clara, CA 95054 United States of America
ii
Contents
Preface................................................................................................................................................................ v
Audience ............................................................................................................................................................................................. v About this Document ..................................................................................................................................................................... v Notational Conventions ................................................................................................................................................................ v Notice Icons.................................................................................................................................................................................. vi Additional Documentation.......................................................................................................................................................... vi
1 Using Samsung KNOX ............................................................................................................................. 1

About KNOX Containers ............................................................................................................................................................... 2 Your Private and Corporate Data are Isolated ................................................................................................................. 2 Contacts .......................................................................................................................................................................................... 3 S Browser ........................................................................................................................................................................................ 4 Setting Up a KNOX Container Account .................................................................................................................................. 4 Logging into a KNOX Container ................................................................................................................................................ 5 Changing the KNOX Container Password ......................................................................................................................... 5 Resetting Forgotten Passwords ............................................................................................................................................. 6 KNOX Container Menu Options ................................................................................................................................................ 6
2 Using Single Sign-On Service ............................................................................................................... 7

About SSO Service........................................................................................................................................................................... 7 Authenticating the Initial SSO Service ..................................................................................................................................... 8
3 Using Samsung KNOX Container Apps & Widgets ...................................................................... 9

About Samsung KNOX Container Apps & Widgets .......................................................................................................... 9 App Store .................................................................................................................................................................................... 10 Camera ......................................................................................................................................................................................... 10 Contacts ....................................................................................................................................................................................... 11 E-mail ............................................................................................................................................................................................ 12 S-Calendar................................................................................................................................................................................... 12 My Files ........................................................................................................................................................................................ 13 Phone ............................................................................................................................................................................................ 14
4 Using Samsung KNOX Tools ............................................................................................................... 15

App Information ............................................................................................................................................................................ 15 Common Access Card (CAC) .................................................................................................................................................... 16 CAC Screen Lock ....................................................................................................................................................................... 17 Device Model Number ............................................................................................................................................................... 18 Device Status .................................................................................................................................................................................. 18 KNOX Settings ............................................................................................................................................................................... 19 Notifications Bar ............................................................................................................................................................................ 19 Settings ............................................................................................................................................................................................. 20 Task Manager ................................................................................................................................................................................. 20 Task Switcher .................................................................................................................................................................................. 21 Version and Build Information ................................................................................................................................................ 22 VPN..................................................................................................................................................................................................... 22 Wi-Fi Status ..................................................................................................................................................................................... 23
5 Troubleshooting Tips ............................................................................................................................. 24

Copyright 2013 Samsung Electronics Co. Ltd.
iii
Device Activation Issues ............................................................................................................................................................. 24 Cannot Activate KNOX ........................................................................................................................................................... 24 Message Displays: Device Activation has Failed ...................................................................................................... 24 Password Issues ............................................................................................................................................................................. 25 Cannot Create Password ....................................................................................................................................................... 25 Locked Out of KNOX Container ......................................................................................................................................... 25 Cannot Log into KNOX .......................................................................................................................................................... 25 KNOX Startup and Login ........................................................................................................................................................... 25 Business E-mail not Synced ...................................................................................................................................................... 26 Cannot Download from App Store ........................................................................................................................................ 26 VPN Issues ....................................................................................................................................................................................... 27 No VPN Connection ................................................................................................................................................................ 27 VPN Observed Timeout / Host Not Found .................................................................................................................... 27 Error Messages .............................................................................................................................................................................. 27 System Has Been Compromised ........................................................................................................................................ 27 SE for Android Denial ............................................................................................................................................................. 28 CAC Issues (DoD) .......................................................................................................................................................................... 28 Absolute Theft Recovery (Optional Service) ...................................................................................................................... 29 Reporting a Missing or Stolen Device: ............................................................................................................................ 29
List of Figures
Figure 1. Samsung KNOX .................................................................................................................................................................. 1 Figure 2. Samsung KNOX Container ............................................................................................................................................. 2 Figure 3. Samsung KNOX Application Container .................................................................................................................... 3 Figure 4. Launching Samsung KNOX ............................................................................................................................................ 4 Figure 5. Exiting KNOX Container .................................................................................................................................................. 5 Figure 6. Samsung KNOX Container Menus .............................................................................................................................. 6 Figure 7. Using Single Sign-On Service ....................................................................................................................................... 8 Figure 8. Samsung KNOX App Store ......................................................................................................................................... 10 Figure 9. KNOX Container Camera App ................................................................................................................................... 11 Figure 10. KNOX Contacts App .................................................................................................................................................... 11 Figure 11. KNOX E-mail Client...................................................................................................................................................... 12 Figure 12. S-Calendar App ............................................................................................................................................................. 12 Figure 13. My Files ............................................................................................................................................................................ 13 Figure 14. KNOX Phone App......................................................................................................................................................... 14 Figure 16. Common Access Card PIN ........................................................................................................................................ 17 Figure 17. Notifications Bar .......................................................................................................................................................... 19 Figure 18. KNOX Task Switcher .................................................................................................................................................... 21 Figure 19. KNOX Using Per-App VPN with KNOX Containers ......................................................................................... 22
List of Tables
Table 1. Device Model Numbers ................................................................................................................................................. 18
iv
Preface
The purpose of this guide is to describe how to use applications (apps) and widgets within the Samsung KNOX Container. In addition, a number of useful tools are described for managing your KNOX Container application content.
Audience
The audience for this guide is Samsung KNOX device users. The content presentation is based on the assumption that you are knowledgeable in the Android operating system.
About this Document

This document explains how to use Samsung KNOX. Use the following links to jump to a specific location of your interest in this document: Chapter 1, Using Samsung KNOX Chapter 2, Using Single Sign-On Service Chapter 3, Using Samsung KNOX Applications and Widgets Chapter 4, Using Samsung KNOX Tools Chapter 5, Troubleshooting Tips
Notational Conventions
This guide uses the following notation conventions. Boldface emphasizes words in text such as screen or window names. Italic identifies new words, emphasizes phrases, or identifies document names. Monospace represents information as it appears on a display or in command syntax.
Notice Icons
This guide uses the following notice icons: Icon Alerts you to Important features, instructions, or additional relevant information.
Note
Information on conditions that can cause unintended or adverse consequences.

Caution!
Additional Documentation
The following documentation is also available for additional information regarding the KNOX: Samsung KNOX License Management System API GuideDescribes the Samsung KNOX License Management System (KLMS), the license management and compliance system for Samsung KNOX, including the associated E-SDK API classes and methods. Samsung Enterprise License Management API GuideDescribes the Samsung Enterprise License Management, including the E-SDK 4.0.1 API classes and methods. ELM is a serverbased access control mechanism for MDM administrators to access the APIs. Samsung KNOX E-SDK Management Developer GuideDescribes the Samsung KNOX ESDK Mobile Container Management APIs and explains how to use them to develop Android application containers that can be implemented in Enterprise-managed Samsung KNOX-enabled mobile devices. Samsung E-SDK Mobile Device Management Developer GuideDescribes the Samsung Enterprise SDK (E-SDK) and explains how to use the E-SDK to develop Android applications that can be implemented in enterprise-managed Samsung mobile devices. Samsung E-SDK Single Sign-On Service Developer GuideDescribes the Samsung KNOX Single Sign-On (SSO) API and explains how to use the SSO classes and methods to utilize the Samsung SSO service in applications designed to work in Samsung KNOX Application Containers on enterprise-managed Samsung mobile devices. Samsung E-SDK Remote Control API GuideDescribes the Samsung E-SDK Remote Control APIs and to explains how to use the classes and methods to use the Samsung Remote Control service for applications in enterprise-managed Samsung mobile devices. Samsung E-SDK SmartCard Developer GuideDescribes the Samsung E-SDK SmartCard APIs and explains how to use the associated classes and methods to implement the Samsung Control Access Card (CAC) service for applications in enterprise-managed Samsung mobile devices.
vi
1 Using Samsung KNOX

Samsung KNOX is a new Android-based platform designed specifically to overcome the shortcomings of the current open source Android platform. KNOX is fully compatible with Android and the Google ecosystem, making it the perfect choice for consumers/employees and businesses.
Figure 1. Samsung KNOX
Samsung KNOX enables you to employ a single device for both personal and business activities: Seamless and intuitive dual persona experience Ensures safety and privacy of personal data Helps users comply with company security policies Restricts company IT administrator access to enterprise data
About KNOX Containers

The Samsung KNOX Application Container is a virtual Android environment within the mobile device complete with its own home screen, launcher, apps, and widgets.
Figure 2. Samsung KNOX Container
The KNOX Application Container is populated with a default set of system apps: PIMContacts, Calendar ProductivityE-mail, Browser, Office Viewer UtilitiesPhone, Camera, File Manager
The Application Container is managed using a third party Mobile Device Management (MDM) or Mobile Container Management (MCM) system. Additional Container apps may be installed by the enterprise IT administrator via MDM or by the user from the Container App Store.
Your Private and Corporate Data are Isolated

Data files systems inside and outside of the Container are segregated. Applications and data running inside the KNOX Container cannot interact with apps and data outside the Container. The Container allows enterprise IT administrators to isolate and manage enterprise apps and data in a secure environment.
Applications and data inside the Container are isolated from apps outside the Container. This isolation enables the KNOX Container to be used as a secure workspace on the device for enterprise use, while everything outside the Container represents the users personal space.
Figure 3. Samsung KNOX Application Container The look and feel of the KNOX Container and personal environment are similar, however, there are some differences: Users cannot perform copy/paste functions to move data outside a Container No file types can be moved outside the Container Browser bookmarks, browsing history, call logs, calendar events, and so on, cannot be moved outside the Container The multi-window function does not work for the Container version of the S Browser Air gesturesa feature included in the Galaxy S4will also not work in the KNOX Container, with the exception of Air View Google Text-to-Speech will not work within the Container, and users are not able to install the Google Search bar widget
Contacts
Business and personal contact information is shared from the Personal environment into the Business environment (KNOX Container) on a read-only basis; personal data cannot be modified within the Container. Business contacts are not shared outside of the KNOX Container.
S Browser
Browsers are similar in function both inside and outside of the KNOX Container. The primary difference is that Container-based bookmarks, history, browser downloads, data, cookies, and other data are confined inside of the Container environment. The multi-window function does not work for the Container version of S Browser.
Setting Up a KNOX Container Account

Your IT administrator support group uses a Mobile Device Management (MDM) or Mobile Container Management (MCM) console to create the Samsung KNOX Container on the device. Once your administrator has implemented Samsung KNOX for your enterprise, you can set up KNOX on your personal device. To set up a KNOX Container account: 1. 2. 3. 4. 5. Tap KNOX Install Notification (after registering with MCM or MDM), the Samsung KNOX Terms and Conditions are displayed. Tap I Agree; then tap Next. Set Timeout value, then set the Container Password and confirm the Password. Tap Install. Install progress is displayed on your device. After install completes, tap Launch; alternatively, tap the Samsung KNOX icon to switch to the KNOX Container.
Tap the Samsung KNOX icon to switch to the business environment inside the KNOX Container
Figure 4. Launching Samsung KNOX
Logging into a KNOX Container

Once a password has been established, you can log into the KNOX Container to access the business environment on your device. The criteria specifying valid KNOX Container passwords are defined using authentication policies specified in your enterprise MCM or MDM system. To log into KNOX: 1. 2. 3. Enter your Password when prompted; then tap Done. The KNOX Home screen will display as shown in Figure 5. To exit the Container and return to the personal environment, tap the Personal icon.
Tapping the Personal icon allows you to exit the KNOX Container environment
Figure 5. Exiting KNOX Container
Changing the KNOX Container Password

To Change the KNOX Container Password: 1. 2. 3. 4. 5. From the KNOX Home screen, tap the Menu button. Selecting the Samsung KNOX Settings option from the menu will display the KNOX Settings menu. Tap Change password. Enter Old password, New password; then Confirm password. Tap Save.
Resetting Forgotten Passwords

The KNOX Container Password must first be reset at the IT administrator MCM/MDM console for a notification to be sent to the device. To set a new password: 1. 2. 3. From Notifications, tap Reset Samsung KNOX password. Enter New password; then Confirm password. Tap Save.
KNOX Container Menu Options

The Samsung KNOX Container provides three primary menus; the options for each differ depending on the view youre using (Home, Apps, or Widgets): Home screen Apps screen Widgets screen
Figure 6. Samsung KNOX Container Menus
2 Using Single Sign-On Service

This chapter describes how to use the Single Sign-On (SSO) service with apps available for use within the Samsung KNOX Container.
About SSO Service

The Samsung KNOX platform includes out-of-the-box SSO support for apps within the KNOX Container. SSO enables authentication with a single account to quickly access a broad range of enterprise services.
SSO Service is available as soon as a KNOX Container is created.

Note
Some of the advantages SSO service offers are: Users get a single destination and one-click access to all of their work apps. Eliminates the need for you to remember multiple passwords or create weak, easy-toremember passwords that dont meet corporate password policies. Samsung KNOX platform includes SSO support for apps within a KNOX Container which allows enterprises to manage password sprawl by using a common set of credentials to access multiple Container apps.
Figure 7. Using Single Sign-On Service Your enterprise IT administrators can enable the SSO service for all Container apps or just for selected apps using the associated MCM or MDM solution.
The first time you invoke any SSO-enabled app, you are prompted to enter your Active Directory credentials.
Note
Authenticating the Initial SSO Service

To authenticate the initial SSO service, perform the following steps: 1. From the KNOX Home screen, tap an App Icon. If the SSO service is needed for the application, the Centrify SSO login screen is displayed. 2. 3. Enter your AD credentials (Username and Password). Tap the Login button.
Authenticating using SSO enables your credentials for all apps whitelisted in the Centrify SSO service.
3 Using Samsung KNOX Container Apps & Widgets

The Samsung KNOX Container includes a set of default apps and widgets.
About Samsung KNOX Container Apps & Widgets

The following default apps and widgets are available in every KNOX Container: App Store Camera Contacts Downloads E-mail Gallery Internet My Files Phone Polaris Office 5 S-Memo S Calendar S Memo S Planner Samsung KNOX Apps
App Store
The App Store in the KNOX Container is preloaded with a variety of business apps from Independent Software Vendors (ISVs) such as Cisco, Salesforce, Dropbox, and so on. You can browse the app store and select an app for download/installation in the same manner as any commercial app store (for example, Google Play).
Figure 8. Samsung KNOX App Store The app and associated data are secured within the business environment and will not be available outside of the KNOX Container.
Camera
The camera in the KNOX Container is the same camera app available for use in your personal environment. Photos that you take with the KNOX Camera cannot be accessed outside of the Container environment (just as photos taken with the camera in your personal environment cannot be accessed within the KNOX Container).
10
Figure 9. KNOX Container Camera App
Contacts
The Contacts client in the KNOX Container is same Contacts app available for use in your personal environment. Contact information within the KNOX Container cannot be accessed outside of the Container environment (just as contacts stored in your personal environment cannot be accessed within the KNOX Container).
Figure 10. KNOX Contacts App
11
E-mail
The E-mail client in the KNOX Container is a Microsoft Exchange-compatible app that supports business mail for the KNOX user. Enterprise mail, attachments, and other data cannot be accessed outside of the Container environment.
Figure 11. KNOX E-mail Client
S-Calendar
The Containers Calendar can receive event details from the users personal calendar on a readonly basis. Both business and personal appointments are consolidated in the Container calendar view. Business events do not appear in the calendar in the personal environment.
Figure 12. S-Calendar App
12
My Files
The file systems outside and inside the Container are similar in appearance, however files that are stored in the Container are not accessible outside the Container.
Personal Photos folder contents
Container Photos folder contents
Figure 13. My Files
13
Phone
The Phone app in the KNOX Container is same Phone app available for use in your personal environment. Phone contact information within the KNOX Container cannot be accessed outside of the Container environment (just as phone contact data stored in your personal environment cannot be accessed within the KNOX Container).
Figure 14. KNOX Phone App
14
4 Using Samsung KNOX Tools

Samsung KNOX includes a set of useful tools for managing your KNOX experience, such as: App Information Common Access Card (CAC) Device Model Number Device Status In addition, KNOX includes tools for configuring various KNOX settings:Notifications Bar Settings Task Manager Task Switcher Version and Build Information VPN Wi-Fi Status
App Information
The Samsung KNOX App Information tool enables you to perform the following tasks: Check an app version number Stop or uninstall the app Check the apps disk space or memory usage Clear data or cache Check granted permissions, for example, access to network, location, phone, hardware control
To display the App Information tool: 1. 2. 3. Tap Settings > More > Application Manager. Navigate to the All view. Tap the App name to view App Info.
15
4.
Scroll down to view App Permissions info.
Common Access Card (CAC)

Common Access Cards (CACs) are Smart ID cards used by active-duty military, selected Reserve, Department of Defense (DoD) civilian employees, and some contractors to enable access to DoD computers, networks, and certain DoD facilities. The KNOX platform extends CAC authentication to the Container for Browser, E-mail, VPN, and lock screen functions.
Figure 15. Common Access Card
CAC is used as a Public Key Infrastructure (PKI) authentication method for the following functions: E-mail o o o Browser o Access secure web pages Sign E-mail with digital signature Encrypt/decrypt E-mail message Verify digital signature
Downloader o Download files from secure websites
16
VPN o Complete a virtual private network (VPN) connection login
Lock screen o Secure device with smartcard-based lock screen
If a requesting application needing the CAC is not in the foreground, it may show a notification status of CAC PIN Expired. You must tap the CAC PIN Expired notification and enter the PIN again to re-authenticate.
CAC Screen Lock

In government apps where a CAC is used for authentication, the CAC PIN becomes the device unlock PIN. To unlock the device, insert your card into the CAC reader and enter your PIN.
Figure 16. Common Access Card PIN
When a CAC is configured using the bai MP3000 Bluetooth reader, the device and the reader are paired to work together. For instructions on device pairing, refer to the BAI M3000 Android Bluetooth Reader Users Guide. After device pairing, a CAC menu item is added to the Select screen lock settings menu as a screen lock option (in addition to PIN, password, and so on).
17
Device Model Number

The Samsung KNOX Device Model Number tool enables you view the device model number. Table 1 lists the carriers and their associated model numbers. Table 1. Device Model Numbers Carrier AT&T, Bell Open Europe Sprint T-Mobile US Cellular Verizon Model Number 1337 (S4) 1747 (SIII) 19505 (S4) L720 (S4) L710 (SIII) M919 (S4) T999 (SIII) R970 (S4) R530 (SIII) 1545 (S4) 1535 (SIII)
Device Status
The Samsung KNOX Device Status tool enables you to view status data about your device. The following status information is available: Check battery levelIf user-controlled KNOX device activation is enabled, battery level must be >70% Check signal strengthThe KNOX activation process requires a stable cellular or Wi-Fi connection Check mobile network stateIf downloading files over a cellular connection, the status must be Connected
To display the Device Status tool: 1. Settings > More > About device > Status
18
KNOX Settings
The Samsung KNOX Settings tool enables you perform the following tasks: Change the password that you enter to switch to KNOX mode (Note that this action also requires old password) Check the KNOX version installed Display the End User License Agreement (EULA)
To display the KNOX Settings tool: 1. 2. 3. 4. From within the Container view, tap the Menu key (lower left button) and select KNOX settings. From this view you can change your password, determine your KNOX application version, or view the KNOX EULA. Tapping Change password will navigate you to the password change screen. Tapping About KNOX launches the Samsung KNOX Application version screen. Tap the Terms and Conditions button to view the EULA.
Notifications Bar
The notifications from apps running in the KNOX Container are displayed on the Notifications bar, however note that extended information is not allowed. The apps inside a Container do not show up on task bar history, running tasks, downloaded apps, and so on, outside of the Container.
Figure 17. Notifications Bar
19
Tap the Samsung KNOX banner to return to the Container view. Enter Container password if prompted
The Samsung KNOX Notifications Bar tool enables you to easily view the following notifications: Error notifications Wi-Fi connectivity KNOX Status notifications
To display the Samsung KNOX Notifications Bar, swipe downwards from the top of the phone.
Settings
The Samsung KNOX Settings tool enables you to perform the following tasks: Determine Version and Build Information Edit and check KNOX Settings Check Device Status Check Wi-Fi Status Check the Task Manager Check App Info
To display the Samsung KNOX Settings tool: 1. 2. Access the Settings menu by tapping the Settings icon on the desktop or by pressing and holding the Home button. Select Settings from the Task Switcher menu.
Task Manager
The Samsung KNOX Task Manager tool enables you to perform the following tasks: Check (and end) running apps Check (and uninstall) downloaded apps Check memory usage Check available disk space
20
To display the Samsung KNOX Task Manager: 1. 2. 3. 4. 5. Push and hold Home button. Tap the Task Manager icon. Select either Active apps or Downloaded apps buttons. Tap the RAM or Storage icons to see how system resources are being consumed. Tap the individual app to display App Info.
Task Switcher
The Android Task Switcher assembles all tasks running inside and outside of the Container. Details about Container-related tasks are not shown).
Container downloads details hidden Container E-mail details hidden
Figure 18. KNOX Task Switcher
Figure 19. KNOX Task Switcher
21
Version and Build Information

The Samsung KNOX Version and Build Information tool displays the following information: Model NumberIndicates the operator, for example, I747/I337) is AT&T, and 545 is Verizon Android VersionKNOX requires 4.1.1 on Galaxy SIII, 4.2.2 on Galaxy SIV. Build NumberIndicates code family (J=Jellybean), branch (R=primary), date (O03=July 3, 2012), and build (L=#12) SELinux StatusBefore KNOX activation = Permissive, after = Enforcing
To display the Version and Build Information tool, select: Settings > More > About device
VPN
The Samsung KNOX platform includes an IPsec VPN solution which encrypts the associated IP traffic to protect your data in transit. Typically, your enterprise administrator provisions your device with the enterprise VPN profile. Enterprise apps will then connect securely into the enterprise network over the VPN connection. Per-app VPN support allows only selected apps within a KNOX Container to use a VPN profile. When a VPN profile is configured with per-app VPN settings, only those apps that have been specified to use this VPN connection will be allowed to send data over this connection. Also, these apps will always send their data over the VPN, and never directly over the Internet. All other apps will use the non-VPN connection. This allows for network separation. Your personal internet data will never be sent to the enterprise.
Enterprise Network Enterprise Applications VPN Gateway Enterprise Servers
VPN tunnel
Container
Internet
Personal Applications YouTube
Figure 20. KNOX Using Per-App VPN with KNOX Containers
22
Figure 19 illustrates a KNOX platform configuration that uses the VPN to provide data in transit protection for selected enterprise apps running inside the KNOX Container. The IT administrator has configured a KNOX Container on the employee's device with several apps, including two enterprise apps that need to connect back to the enterprise intranet servers. To make sure that these two apps always use the enterprise VPN when communicating over the network, the administrator will use the per-app VPN feature available on the KNOX platform. When per-app VPN is enabled during provisioning of the VPN profile, the administrator adds the basic VPN gateway information and the list of apps that must use this VPN. When these apps are added to this list, they can only communicate over the configured VPN connection. In Figure 19, the browser and messaging apps have been added to the enterprise VPN profile. Whenever you run either app, the KNOX platform automatically starts the VPN connection, if not already connected. After the profile is received, tap the profile and the device will connect via the VPN service. If prompted, enter your credentials.
Wi-Fi Status
The Samsung KNOX Wi-Fi Status tool enables you to check Wi-Fi connectivity and signal strength. Note that some file downloads may be allowed over Wi-Fi only. For example, the update package downloaded during the initial KNOX activation can only be enabled by the MDM app on the device over a Wi-Fi connection. To display the Samsung KNOX Wi-Fi Status tool: 1. 2. Tap Settings to display the Connections view. Tap Settings > Wi-Fi to view available Wi-Fi networks and to view signal strength.
23
5 Troubleshooting Tips
This chapter describes some of the more common issues you may experience while using Samsung KNOX.
Device Activation Issues

Consider the following guidelines in case you experience any of these device activation issues.
Cannot Activate KNOX

To activate KNOX, an update package must be downloaded to the device from a Samsung update server. The server may be not be accessible, the device may not be adequately charged, or the server may be down or unable to respond to package requests within a specified timeout period. Perform the following steps: 1. 2. 3. 4. Verify the device battery charge level is greater than 70%. If not, plug the device into a charger and reattempt the activation. If the battery level is OK, verify that Wi-Fi is on, with good Wi-Fi signal strength (if using Wi-Fi connection). If you are using a cellular connection, check mobile data is on, with good cellular signal strength (if using a cellular connection). In case this is due to a sporadic event, such as abnormally high network traffic or unplanned server maintenance, check with IT or try the device activation again at a later time.
If unsuccessful, escalate the issue to your IT administrator support group.
Message Displays: Device Activation has Failed

KNOX activation was performed on a device, the update package was downloaded, and the device rebooted, but the device displays a message indicating that activation failed. There may be an issue with the update package. Contact your IT administrator support group.
24
Password Issues
The following guidelines are provided for password-related issues.
Cannot Create Password

IT can set strict requirements for the Container password; for example, set up forbidden strings, restrict the re-use of past passwords, check password strength, or restrict the use of characters. Perform the following steps: 1. 2. 3. Contact your IT administrator and verify that your password complies with the authentication policies. If the Show password option is available, ensure that both passwords match, and case sensitivity is not an issue. If the issue remains, remove and re-create the Container on your device.
If issues persist, escalate the issue to your IT administrator support group.
Locked Out of KNOX Container

Once you have failed to enter the correct KNOX password you may have exceeded the allowed number of tries. An IT administrator can set the maximum number of failed login attempts allowed. Once this number is met, you will be locked out of the KNOX Container. Contact your IT administrator support group.
Cannot Log into KNOX

You may be using the wrong password or may have recently changed your KNOX password. Contact your IT administrator support group.
KNOX Startup and Login

Samsung KNOX takes a couple of minutes to start up once activated. The device launches the following processes: Create the Container Set up a secure file system Install the required components Pre-load apps
A progress bar with messages indicates the status. Once the KNOX Container is created, you can launch KNOX and enter your password to begin using your KNOX Container apps and widgets.
25
Any time there is inactivity in the Samsung KNOX Container (10 minutes by default), you must re-enter your password.
Note
Business E-mail not Synced

There may be a problem with device reception issues, ActiveSync issues, Active Directory issues, or the enterprise Exchange server. Perform the following steps: 1. Check the following: 2. 3. Device has cellular/Wi-Fi connectivity Reboot the users device Domain, your login, and password are correct ActiveSync is working and sync settings have not changed Active Directory is working and account is not locked or in a bad state Exchange server access state is OK and not denied
Remove and re-create the E-mail account. If these issues persist, contact your IT administrator support group.
Cannot Download from App Store

Within the KNOX Container, you can download apps and widgets from the KNOX App Store and an enterprise-specific App Store. If you cannot download apps and widgets, perform the following steps: 1. Check the following: Device has network connectivity You are logged in App store password is correct Restart the App download Restart the device Clear the cache used by the App Store Download Manager. If necessary, contact your IT administrator to help clear the cache.
26
2. 3. 4.
Try downloading using another KNOX device to determine whether the issue is with only one device. If another device has the same issue, contact your IT administrator. If issues persist, contact your IT administrator support group.
VPN Issues
Here are some guidelines for VPN issues.
No VPN Connection
An app that uses VPN is not able to access the internet, for example, Container-based browser cannot display web pages. Perform the following steps: 1. Check the underlying network connection: 2. 3. Wi-Fi is on, with good Wi-Fi signal strength Cellular access is up, Mobile data is on
Reboot the device. If issues persist, contact your IT administrator.
VPN Observed Timeout / Host Not Found

Perform the following steps: 1. 2. Ensure that you have good signal strength if youre using a data connection. Contact your IT administrator to verify that there is no firewall policy preventing access.
Error Messages
Here are some potential error messages and suggested workarounds.
System Has Been Compromised

The device displays one of these messages: The device has detected an application attempting unpermitted actions and has stopped loading. To protect your device, it is recommended you reboot. The device has detected an application attempting unpermitted actions. To protect your device, it is recommended you reboot. SE for Android protection has been disabled. To protect your device, it is recommended you reboot.
27
Perform the following steps: 1. 2. Reboot the device. If issues persist, contact your IT administrator support group.
SE for Android Denial

SE for Android denial events occur when there is an unauthorized attempt by an app to access the system. An alert will appear in Notifications (filtered text) and a popup will display in the KNOX Container giving the option of: Navigating to the Application manager Dismissing the Alert window
CAC Issues (DoD)

Here are possible CAC error messages and their associated remedy actions: CAC Card RemovedInsert/reseat card in the reader CAC PIN ErrorVerify and re-enter the PIN CAC PIN ExpiredRe-enter PIN due to timeout CAC PIN LockedDoD personnel using a CAC can encounter a Personal Identification Number (PIN) on the CAC that is locked. Usually this takes place after three unsuccessful login attempts. You must contact an appropriate DoD facility to accommodate resetting the CAC PIN. To unlock a CAC: 1. Contact any DEERS/RAPIDS issuing facility to request a reset CAC PIN. You can find your nearest DEERS/RAPIDS ID Card facility using the RAPIDS Site Locator.
Additional CAC and CAC reader information: http://www.cac.mil/ BAI M3000 Android Bluetooth Reader Users Guide
Uninitialized CAC CardContact the CAC administrator CAC Locked (after three incorrect login attempts)Contact the CAC administrator to unlock the card No ConnectionConnection to the Smart Card does not exist. Possibly due to card not present in reader or reader is out of range. Device Not ConfiguredIndicates that the Smart Card Reader is not configured on the device. Possibly the device may not be paired.
28
Connection BusyIndicates that the connection is already established
Absolute Theft Recovery (Optional Service)

Once a device is lost or stolen, consider the following steps: 1. 2. 3. 4. Determine the location of the device and whether or not its on the move . Freeze the device to prevent unauthorized access. Remotely retrieve important files or delete files immediately from the device. Contact your IT administrator to alert them of the event.
Reporting a Missing or Stolen Device:

1. 2. 3. Report the incident to the local law enforcement agency and receive a police case number. Contact your IT administrator who will then contact the Theft Recovery Customer Center, and complete a report that includes the police case number. Theft recovery personnel transmit commands to the Mobile Agent to activate monitoring and tracking, and coordinates with law enforcement to recover the device.
29

Samsung KNOX User Guide (Enterprise) 1

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Samsung KNOX User Guide (Enterprise) 1

Uploaded by

Copyright:

Available Formats

Samsung KNOX User Guide

1 Using Samsung KNOX ............................................................................................................................. 1

2 Using Single Sign-On Service ............................................................................................................... 7

3 Using Samsung KNOX Container Apps & Widgets ...................................................................... 9

4 Using Samsung KNOX Tools ............................................................................................................... 15

5 Troubleshooting Tips ............................................................................................................................. 24

Copyright 2013 Samsung Electronics Co. Ltd.