Enterprise Edition
September 2013 Version: 1.0
Copyright Notice
Copyright 2013 Samsung Electronics Co. Ltd. All rights reserved. Samsung is a registered trademark of Samsung Electronics Co. Ltd. Specifications and designs are subject to change without notice. Non-metric weights and measurements are approximate. All data were deemed correct at time of creation. Samsung is not liable for errors or omissions. All brand, product, service names and logos are trademarks and/or registered trademarks of their respective owners and are hereby recognized and acknowledged.
Document Information
This document was last modified on September 19, 2013.
Contact Information
Samsung Enterprise Mobility Solutions
Santa Clara
Samsung Telecommunications America, Ltd
3920 Freedom Circle; Ste 101
Santa Clara, CA 95054
United States of America
Contents
Preface
Audience
About this Document
Notational Conventions
Notice Icons
Additional Documentation
Device Activation Issues
Cannot Activate KNOX
Message Displays: Device Activation has Failed
Password Issues
Cannot Create Password
Locked Out of KNOX Container
Cannot Log into KNOX
KNOX Startup and Login
Business E-mail not Synced
Cannot Download from App Store
VPN Issues
No VPN Connection
VPN Observed Timeout / Host Not Found
Error Messages
System Has Been Compromised
SE for Android Denial
CAC Issues (DoD)
Absolute Theft Recovery (Optional Service)
Reporting a Missing or Stolen Device
List of Figures
Figure 1. Samsung KNOX
Figure 2. Samsung KNOX Container
Figure 3. Samsung KNOX Application Container
Figure 4. Launching Samsung KNOX
Figure 5. Exiting KNOX Container
Figure 6. Samsung KNOX Container Menus
Figure 7. Using Single Sign-On Service
Figure 8. Samsung KNOX App Store
Figure 9. KNOX Container Camera App
Figure 10. KNOX Contacts App
Figure 11. KNOX E-mail Client
Figure 12. S-Calendar App
Figure 13. My Files
Figure 14. KNOX Phone App
Figure 16. Common Access Card PIN
Figure 17. Notifications Bar
Figure 18. KNOX Task Switcher
Figure 19. KNOX Using Per-App VPN with KNOX Containers
List of Tables
Table 1. Device Model Numbers
Preface
The purpose of this guide is to describe how to use applications (apps) and widgets within the Samsung KNOX Container. In addition, a number of useful tools are described for managing your KNOX Container application content.
Audience
The audience for this guide is Samsung KNOX device users. The content presentation is based on the assumption that you are knowledgeable in the Android operating system.
Notational Conventions
This guide uses the following notation conventions.
- Boldface emphasizes words in text such as screen or window names.
- Italic identifies new words, emphasizes phrases, or identifies document names.
- Monospace represents information as it appears on a display or in command syntax.
Notice Icons
This guide uses the following notice icons:
Icon | Alerts you to
Note | Important features, instructions, or additional relevant information.
Additional Documentation
The following documentation is also available for additional information regarding KNOX:
- Samsung KNOX License Management System API Guide: Describes the Samsung KNOX License Management System (KLMS), the license management and compliance system for Samsung KNOX, including the associated E-SDK API classes and methods.
- Samsung Enterprise License Management API Guide: Describes the Samsung Enterprise License Management, including the E-SDK 4.0.1 API classes and methods. ELM is a server-based access control mechanism for MDM administrators to access the APIs.
- Samsung KNOX E-SDK Management Developer Guide: Describes the Samsung KNOX E-SDK Mobile Container Management APIs and explains how to use them to develop Android application containers that can be implemented in Enterprise-managed Samsung KNOX-enabled mobile devices.
- Samsung E-SDK Mobile Device Management Developer Guide: Describes the Samsung Enterprise SDK (E-SDK) and explains how to use the E-SDK to develop Android applications that can be implemented in enterprise-managed Samsung mobile devices.
- Samsung E-SDK Single Sign-On Service Developer Guide: Describes the Samsung KNOX Single Sign-On (SSO) API and explains how to use the SSO classes and methods to utilize the Samsung SSO service in applications designed to work in Samsung KNOX Application Containers on enterprise-managed Samsung mobile devices.
- Samsung E-SDK Remote Control API Guide: Describes the Samsung E-SDK Remote Control APIs and explains how to use the classes and methods to use the Samsung Remote Control service for applications in enterprise-managed Samsung mobile devices.
- Samsung E-SDK SmartCard Developer Guide: Describes the Samsung E-SDK SmartCard APIs and explains how to use the associated classes and methods to implement the Samsung Control Access Card (CAC) service for applications in enterprise-managed Samsung mobile devices.
Samsung KNOX enables you to employ a single device for both personal and business activities:
- Seamless and intuitive dual persona experience
- Ensures safety and privacy of personal data
- Helps users comply with company security policies
- Restricts company IT administrator access to enterprise data
The KNOX Application Container is populated with a default set of system apps:
- PIM: Contacts, Calendar
- Productivity: E-mail, Browser, Office Viewer
- Utilities: Phone, Camera, File Manager
The Application Container is managed using a third-party Mobile Device Management (MDM) or Mobile Container Management (MCM) system. Additional Container apps may be installed by the enterprise IT administrator via MDM or by the user from the Container App Store.
Applications and data inside the Container are isolated from apps outside the Container. This isolation enables the KNOX Container to be used as a secure workspace on the device for enterprise use, while everything outside the Container represents the user's personal space.
Figure 3. Samsung KNOX Application Container
The look and feel of the KNOX Container and personal environment are similar; however, there are some differences:
- Users cannot perform copy/paste functions to move data outside a Container
- No file types can be moved outside the Container
- Browser bookmarks, browsing history, call logs, calendar events, and so on, cannot be moved outside the Container
- The multi-window function does not work for the Container version of the S Browser
- Air gestures, a feature included in the Galaxy S4, will also not work in the KNOX Container, with the exception of Air View
- Google Text-to-Speech will not work within the Container, and users are not able to install the Google Search bar widget
Contacts
Business and personal contact information is shared from the Personal environment into the Business environment (KNOX Container) on a read-only basis; personal data cannot be modified within the Container. Business contacts are not shared outside of the KNOX Container.
S Browser
Browsers are similar in function both inside and outside of the KNOX Container. The primary difference is that Container-based bookmarks, history, browser downloads, data, cookies, and other data are confined inside of the Container environment. The multi-window function does not work for the Container version of S Browser.
Tap the Samsung KNOX icon to switch to the business environment inside the KNOX Container
Tapping the Personal icon allows you to exit the KNOX Container environment
Some of the advantages SSO service offers are:
- Users get a single destination and one-click access to all of their work apps.
- Eliminates the need for you to remember multiple passwords or create weak, easy-to-remember passwords that don't meet corporate password policies.
Samsung KNOX platform includes SSO support for apps within a KNOX Container which allows enterprises to manage password sprawl by using a common set of credentials to access multiple Container apps.
Figure 7. Using Single Sign-On Service
Your enterprise IT administrators can enable the SSO service for all Container apps or just for selected apps using the associated MCM or MDM solution.
The first time you invoke any SSO-enabled app, you are prompted to enter your Active Directory credentials.
Note
Authenticating using SSO enables your credentials for all apps whitelisted in the Centrify SSO service.
App Store
The App Store in the KNOX Container is preloaded with a variety of business apps from Independent Software Vendors (ISVs) such as Cisco, Salesforce, Dropbox, and so on. You can browse the app store and select an app for download/installation in the same manner as any commercial app store (for example, Google Play).
Figure 8. Samsung KNOX App Store
The app and associated data are secured within the business environment and will not be available outside of the KNOX Container.
Camera
The camera in the KNOX Container is the same camera app available for use in your personal environment. Photos that you take with the KNOX Camera cannot be accessed outside of the Container environment (just as photos taken with the camera in your personal environment cannot be accessed within the KNOX Container).
Contacts
The Contacts client in the KNOX Container is the same Contacts app available for use in your personal environment. Contact information within the KNOX Container cannot be accessed outside of the Container environment (just as contacts stored in your personal environment cannot be accessed within the KNOX Container).
E-mail
The E-mail client in the KNOX Container is a Microsoft Exchange-compatible app that supports business mail for the KNOX user. Enterprise mail, attachments, and other data cannot be accessed outside of the Container environment.
S-Calendar
The Container's Calendar can receive event details from the user's personal calendar on a read-only basis. Both business and personal appointments are consolidated in the Container calendar view. Business events do not appear in the calendar in the personal environment.
My Files
The file systems outside and inside the Container are similar in appearance; however, files that are stored in the Container are not accessible outside the Container.
Phone
The Phone app in the KNOX Container is the same Phone app available for use in your personal environment. Phone contact information within the KNOX Container cannot be accessed outside of the Container environment (just as phone contact data stored in your personal environment cannot be accessed within the KNOX Container).
App Information
The Samsung KNOX App Information tool enables you to perform the following tasks:
- Check an app version number
- Stop or uninstall the app
- Check the app's disk space or memory usage
- Clear data or cache
- Check granted permissions, for example, access to network, location, phone, hardware control
To display the App Information tool:
1. Tap Settings > More > Application Manager.
2. Navigate to the All view.
3. Tap the App name to view App Info.
CAC is used as a Public Key Infrastructure (PKI) authentication method for the following functions:
- E-mail
  o Sign E-mail with digital signature
  o Encrypt/decrypt E-mail message
  o Verify digital signature
- Browser
  o Access secure web pages
If a requesting application needing the CAC is not in the foreground, it may show a notification status of CAC PIN Expired. You must tap the CAC PIN Expired notification and enter the PIN again to re-authenticate.
When a CAC is configured using the bai MP3000 Bluetooth reader, the device and the reader are paired to work together. For instructions on device pairing, refer to the BAI M3000 Android Bluetooth Reader User's Guide. After device pairing, a CAC menu item is added to the Select screen lock settings menu as a screen lock option (in addition to PIN, password, and so on).
Device Status
The Samsung KNOX Device Status tool enables you to view status data about your device. The following status information is available:
- Check battery level: If user-controlled KNOX device activation is enabled, battery level must be >70%
- Check signal strength: The KNOX activation process requires a stable cellular or Wi-Fi connection
- Check mobile network state: If downloading files over a cellular connection, the status must be Connected
To display the Device Status tool:
1. Settings > More > About device > Status
KNOX Settings
The Samsung KNOX Settings tool enables you to perform the following tasks:
- Change the password that you enter to switch to KNOX mode (Note that this action also requires the old password)
- Check the KNOX version installed
- Display the End User License Agreement (EULA)
To display the KNOX Settings tool:
1. From within the Container view, tap the Menu key (lower left button) and select KNOX settings. From this view you can change your password, determine your KNOX application version, or view the KNOX EULA.
2. Tapping Change password will navigate you to the password change screen.
3. Tapping About KNOX launches the Samsung KNOX Application version screen.
4. Tap the Terms and Conditions button to view the EULA.
Notifications Bar
The notifications from apps running in the KNOX Container are displayed on the Notifications bar; however, note that extended information is not allowed. The apps inside a Container do not show up on task bar history, running tasks, downloaded apps, and so on, outside of the Container.
Tap the Samsung KNOX banner to return to the Container view. Enter Container password if prompted
The Samsung KNOX Notifications Bar tool enables you to easily view the following notifications:
- Error notifications
- Wi-Fi connectivity
- KNOX Status notifications
To display the Samsung KNOX Notifications Bar, swipe downwards from the top of the phone.
Settings
The Samsung KNOX Settings tool enables you to perform the following tasks:
- Determine Version and Build Information
- Edit and check KNOX Settings
- Check Device Status
- Check Wi-Fi Status
- Check the Task Manager
- Check App Info
To display the Samsung KNOX Settings tool:
1. Access the Settings menu by tapping the Settings icon on the desktop or by pressing and holding the Home button.
2. Select Settings from the Task Switcher menu.
Task Manager
The Samsung KNOX Task Manager tool enables you to perform the following tasks:
- Check (and end) running apps
- Check (and uninstall) downloaded apps
- Check memory usage
- Check available disk space
To display the Samsung KNOX Task Manager:
1. Push and hold Home button.
2. Tap the Task Manager icon.
3. Select either Active apps or Downloaded apps buttons.
4. Tap the RAM or Storage icons to see how system resources are being consumed.
5. Tap the individual app to display App Info.
Task Switcher
The Android Task Switcher assembles all tasks running inside and outside of the Container. (Details about Container-related tasks are not shown.)
To display the Version and Build Information tool, select: Settings > More > About device
VPN
The Samsung KNOX platform includes an IPsec VPN solution which encrypts the associated IP traffic to protect your data in transit. Typically, your enterprise administrator provisions your device with the enterprise VPN profile. Enterprise apps will then connect securely into the enterprise network over the VPN connection. Per-app VPN support allows only selected apps within a KNOX Container to use a VPN profile. When a VPN profile is configured with per-app VPN settings, only those apps that have been specified to use this VPN connection will be allowed to send data over this connection. Also, these apps will always send their data over the VPN, and never directly over the Internet. All other apps will use the non-VPN connection. This allows for network separation. Your personal internet data will never be sent to the enterprise.
Figure 19. KNOX Using Per-App VPN with KNOX Containers (diagram labels: VPN tunnel, Container, Internet, Personal Applications, YouTube)
Figure 19 illustrates a KNOX platform configuration that uses the VPN to provide data in transit protection for selected enterprise apps running inside the KNOX Container. The IT administrator has configured a KNOX Container on the employee's device with several apps, including two enterprise apps that need to connect back to the enterprise intranet servers. To make sure that these two apps always use the enterprise VPN when communicating over the network, the administrator will use the per-app VPN feature available on the KNOX platform. When per-app VPN is enabled during provisioning of the VPN profile, the administrator adds the basic VPN gateway information and the list of apps that must use this VPN. When these apps are added to this list, they can only communicate over the configured VPN connection. In Figure 19, the browser and messaging apps have been added to the enterprise VPN profile. Whenever you run either app, the KNOX platform automatically starts the VPN connection, if not already connected. After the profile is received, tap the profile and the device will connect via the VPN service. If prompted, enter your credentials.
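The per-app VPN rule described above can be verified from flow records. The following is an added example, not Samsung code and not part of the original guide: it audits a constructed flow log against a hypothetical per-app VPN profile, flagging listed apps whose traffic left over a non-VPN interface and unlisted apps whose traffic entered the tunnel. The package names, interface names, log format and finding labels are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class VpnProfile:
    """Hypothetical per-app VPN profile (field names are assumptions)."""
    tunnel_iface: str   # interface that carries the VPN tunnel
    apps: frozenset     # packages that must always use the tunnel


# Constructed sample flow log: "<epoch> <package> <interface> <destination>"
SAMPLE_FLOWS = """\
1379600000 com.example.container.browser tun0 10.20.0.15:443
1379600004 com.example.container.messaging tun0 10.20.0.22:5222
1379600009 com.example.personal.video wlan0 203.0.113.40:443
1379600013 com.example.container.browser wlan0 198.51.100.7:80
1379600020 com.example.personal.video tun0 10.20.0.15:443
malformed line
"""

# The two enterprise apps added to the profile, as in the Figure 19 scenario.
PROFILE = VpnProfile(
    tunnel_iface="tun0",
    apps=frozenset({
        "com.example.container.browser",
        "com.example.container.messaging",
    }),
)


def parse_flows(text):
    """Return (flows, rejected): parsed 4-tuples and lines that did not parse."""
    flows, rejected = [], []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            if line.strip():
                rejected.append(line)  # keep for review instead of dropping silently
            continue
        flows.append((int(parts[0]), parts[1], parts[2], parts[3]))
    return flows, rejected


def audit(flows, profile):
    """Return (ts, package, finding, iface) for each record that breaks the policy."""
    findings = []
    for ts, app, iface, _dst in flows:
        on_tunnel = iface == profile.tunnel_iface
        if app in profile.apps and not on_tunnel:
            # A listed app must never send directly over the Internet.
            findings.append((ts, app, "LISTED_APP_OUTSIDE_VPN", iface))
        elif app not in profile.apps and on_tunnel:
            # Other apps use the non-VPN connection; personal data stays out of the tunnel.
            findings.append((ts, app, "UNLISTED_APP_ON_VPN", iface))
    return findings


def run_sample():
    """Audit the constructed log against the hypothetical profile."""
    flows, rejected = parse_flows(SAMPLE_FLOWS)
    return audit(flows, PROFILE), rejected


if __name__ == "__main__":
    sample_findings, sample_rejected = run_sample()
    for finding in sample_findings:
        print(*finding)
    print("unparsed lines:", sample_rejected)
```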
Wi-Fi Status
The Samsung KNOX Wi-Fi Status tool enables you to check Wi-Fi connectivity and signal strength. Note that some file downloads may be allowed over Wi-Fi only. For example, the update package downloaded during the initial KNOX activation can only be enabled by the MDM app on the device over a Wi-Fi connection.
To display the Samsung KNOX Wi-Fi Status tool:
1. Tap Settings to display the Connections view.
2. Tap Settings > Wi-Fi to view available Wi-Fi networks and to view signal strength.
5 Troubleshooting Tips
This chapter describes some of the more common issues you may experience while using Samsung KNOX.
Password Issues
The following guidelines are provided for password-related issues.
A progress bar with messages indicates the status. Once the KNOX Container is created, you can launch KNOX and enter your password to begin using your KNOX Container apps and widgets.
Any time there is inactivity in the Samsung KNOX Container (10 minutes by default), you must re-enter your password.
Note
Remove and re-create the E-mail account. If these issues persist, contact your IT administrator support group.
2. Try downloading using another KNOX device to determine whether the issue is with only one device.
3. If another device has the same issue, contact your IT administrator.
4. If issues persist, contact your IT administrator support group.
VPN Issues
Here are some guidelines for VPN issues.
No VPN Connection
An app that uses VPN is not able to access the internet; for example, the Container-based browser cannot display web pages. Perform the following steps:
1. Check the underlying network connection:
   - Wi-Fi is on, with good Wi-Fi signal strength
   - Cellular access is up, Mobile data is on
Error Messages
Here are some potential error messages and suggested workarounds.
Perform the following steps:
1. Reboot the device.
2. If issues persist, contact your IT administrator support group.
Additional CAC and CAC reader information:
- http://www.cac.mil/
- BAI M3000 Android Bluetooth Reader User's Guide

- Uninitialized CAC Card: Contact the CAC administrator
- CAC Locked (after three incorrect login attempts): Contact the CAC administrator to unlock the card
- No Connection: Connection to the Smart Card does not exist. Possibly due to card not present in reader or reader is out of range.
- Device Not Configured: Indicates that the Smart Card Reader is not configured on the device. Possibly the device may not be paired.