Centrify for Samsung KNOX

Administrators Guide
October 2013

Centrify Corporation

Legal notice
This document and the software described in this document are furnished under and are subject to the terms of a license agreement or a non-disclosure agreement. Except as expressly set forth in such license agreement or non-disclosure agreement, Centrify Corporation provides this document and the software described in this document as is without warranty of any kind, either express or implied, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. Some states do not allow disclaimers of express or implied warranties in certain transactions; therefore, this statement may not apply to you. This document and the software described in this document may not be lent, sold, or given away without the prior written permission of Centrify Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of Centrify Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data. This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. Centrify Corporation may make improvements in or changes to the software described in this document at any time. 2004-2013 Centrify Corporation. All rights reserved. Portions of Centrify DirectControl are derived from third party or open source software. Copyright and legal notices for these sources are listed separately in the Acknowledgements.txt file included with the software. U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the governments rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement. Centrify, DirectAudit, DirectControl and DirectSecure are registered trademarks and DirectAuthorize and DirectManage are trademarks of Centrify Corporation in the United States and other countries. Microsoft, Active Directory, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and other countries. Centrify Suite is protected by U.S. Patents 7,591,005, 8,024,360, and 8,321,523. The names of any other companies and products mentioned in this document may be the trademarks or registered trademarks of their respective owners. Unless otherwise noted, all of the names used as examples of companies, organizations, domain names, people and events herein are fictitious. No association with any real company, organization, domain name, person, or event is intended or should be inferred.

Contents
About this guide
6

Intended audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Guide conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Where to go for more information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Contacting Centrify Corporation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Chapter 1

Introduction to Centrify for Samsung KNOX

What is Centrify for Samsung KNOX? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9 Benefits of Centrify for Samsung KNOX for your organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Using Centrify for Samsung KNOX on mobile devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Accessing web-based single sign-on applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Accessing native mobile applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Using the MyCentrify web-based user portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Administering Centrify for Samsung KNOX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Using Centrify for Samsung KNOX administrator tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Providing Centrify for Samsung KNOX to your users. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Setting up SSO for Centrify for Samsung KNOX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Setting up Centrify for Samsung KNOX MCM and MDM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 For more information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Chapter 2

Installing and configuring Centrify for Samsung KNOX

21

Specifying the right to modify permissions in Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Installing the Centrify cloud proxy server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Configuring the cloud proxy server for MDM and MCM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Completing the Cloud Proxy Server Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Configuring the Centrify cloud service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 Enrolling the mobile device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Creating the KNOX Container . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 Installing Centrify for KNOX from Samsung KNOX Apps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Preparing a device that uses MDM/MCM from another vendor. . . . . . . . . . . . . . . . . . . . . . . . 30 Preparing a device that uses Centrify for Samsung KNOX for MDM/MCM . . . . . . . . . . . . . . 30

Installing Centrify for KNOX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Chapter 3

Configuring the Centrify cloud service and managing devices

34

Configuring the Centrify cloud service for single sign-on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 Deploying applications from Cloud Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 Selecting web applications using MyCentrify. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Deploying mobile applications that use SSO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Configuring the Centrify cloud service for MDM/MCM settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Managing mobile devices and Knox containers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Sending commands to devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 Generating reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 Self-service management with MyCentrify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Centrify for Samsung KNOX Administrators Guide

About this guide

This book provides the information you need in order to understand, install, and configure Centrify for Samsung KNOX. Centrify for Samsung KNOX is a mobile device, mobile application, and mobile container management solution that uses the Centrify cloud service to secure communications between devices, the Active Directory directory service, and administrator tools.

Intended audience
This guide contains information for system and network administrators who are responsible for managing access to network resources, particularly access to internal network resources from outside mobile devices or access to outside web services provided by other organizations. These administrators should know how to use Microsoft Windows tools, especially these components: Active Directory Users and Computers and Group Policy Management Editor.

Guide conventions
This guide uses the following conventions: Fixed-width font presents sample code, program names or output, file names, and commands that you type at the command line. When italicized, the fixed-width font indicates variables.

Bold text emphasizes commands, buttons, or user interface text, and introduces new terms. Italics present book titles and emphasize specific words or terms. Terms enclosed in [braces] in command syntax are optional.

Where to go for more information

For the full documentation on Centrify for Samsung KNOX software, group policy, and cloud service configuration possible with Centrify for Samsung KNOX, see the following documentation: Release Notes included on the distribution media or in the download package provide the most up-to-date information about the current release, including system requirements and

Contacting Centrify Corporation

supported platforms, and any additional information, specific to this release, that may not be included in other documentation.

Cloud Manager help provides task-oriented information for administrators who need to modify applications, manage roles and users, and configure settings in the Cloud Manager. To open, click Help from the user account drop-down list in the Cloud Manager administrator web portal MyCentrify help provides task-oriented information for users to navigate and launch their deployed applications, view their activity, manage their own mobile devices, and specify some Active Directory settings. To open, click Help from the user account drop-down list in the MyCentrify user web portal. Application configuration help provides specific details for configuring each kind of application that Centrify provides, including individual SaaS applications for SSO, userpassword applications, and mobile applications. To open, click the Help link from an application in the App Catalog. The Centrify User Suite Overview, Installation, and Configuration Guide provides more in-depth explanations of the installation procedures and the group policies.

Contacting Centrify Corporation

If you have questions or comments, we look forward to hearing from you. For information about contacting Centrify Corporation, visit our website at www.centrify.com. From the website you can get the latest news and information about products, support, services, upcoming events, investor relations, and sales.

About this guide

Chapter 1

Introduction to Centrify for Samsung KNOX

Centrify for Samsung KNOX delivers Active Directory-based single sign-on (SSO), mobile container management (MCM), and mobile device management (MDM) for Samsung KNOX-enabled devices and is available as standard features with the KNOX platform. End users enjoy the improved productivity benefits of Zero Sign-On access to rich mobile apps and cloud-based SaaS apps while IT administrators can easily manage KNOX containers and the underlying devices using an infrastructure they already own Active Directory. Samsung KNOX is an Android-based solution provides for platform security, application security, and mobile device management. Centrify for Samsung KNOX is available on the Centrify website to any organization that uses Samsung KNOX and has a Samsung KNOX license key and has users of Samsung mobile devices that are KNOX-capable (devices that can have KNOX containers in which work applications are kept separate and secure). This book covers the essentials for setting up and configuring Centrify for Samsung KNOX. If you want to use Centrify with non-Samsung KNOX mobile devices in addition to Samsung KNOX devices, you need to upgrade to the Centrify User Suite. For more information, go to http://www.centrify.com/products/centrify-user-suite.asp.
Note

What is Centrify for Samsung KNOX?

What is Centrify for Samsung KNOX?

Centrify for Samsung KNOX is a cloud-based service that connects with your existing Active Directory infrastructure and allows you to provide secure access to centrally managed applications and to centrally manage your users Samsung KNOX-capable devices and Samsung KNOX containers. The Samsung KNOX container is a secure application container on a Samsung mobile device that is isolated from the users other applications and device data. You can manage the container while the user can still access personal applications outside the container in the standard Android environment.

Inside the Samsung KNOX container, you can provide your users single sign-on access (SSO) to mobile and web applications that you control and manage.You can configure webbased Software as a Service (SaaS) applications, such as Salesforce or Office 365. You can also deploy mobile applications that are specially configured to work inside of the KNOX container. Some mobile container applications can also be configured for SSO so that your users dont have to log in separately when launching them. Centrify for Samsung KNOX securely connects with your existing Active Directory infrastructure but does not copy any Active Directory information into the cloud. You install the Centrify cloud proxy server on a computer in your network, and the cloud proxy server handles the communication between Active Directory and the Centrify cloud service. Along with the cloud proxy server, you can also install Centrify extensions to Active Directory Users and Computers (ADUC) and Group Policy Management Editor (GPME). These extensions provide an easy way for you to manage your users mobile devices and KNOX containers.

Chapter 1 Introduction to Centrify for Samsung KNOX

Benefits of Centrify for Samsung KNOX for your organization

The cloud proxy server connects to the Centrify cloud service, which provides the backend services for all of the features of the Centrify for Samsung KNOX solution, including the Cloud Manager and MyCentrify web portals.

You log in to the Cloud Manager administrative web portal to add, configure, and deploy both web and mobile applications. You can assign Active Directory users and groups to roles and deploy applications to specified roles. You can also use Cloud Manager to manage devices and containers, create custom reports, and manage your system-wide settings. Your users log in to the MyCentrify user web portal to manage their own devices, launch web applications, and view their activity and Active Directory account information.

Benefits of Centrify for Samsung KNOX for your organization

Centrify for Samsung KNOX provides you, the IT administrator, control and flexibility in deploying web application access to your users. With Centrify for Samsung KNOX, you can achieve these goals: Enhance your users productivity: Your users can go to a single web portal to get SSO access to all of their web applications. Users experience less frustration, more satisfaction, and more productivity by not having to remember multiple passwords to

Centrify for Samsung KNOX Administrators Guide

10

Using Centrify for Samsung KNOX on mobile devices

get their work done. Both you and your users experience greater peace of mind as users no longer store passwords in non-secure locations or use passwords that are easy to remember but dont meet corporate security guidelines.

Reduce your helpdesk burden: As much as 40% of your helpdesk call volume can be related to password or account reset issues. Your users lose productivity and IT experiences greater frustration and unnecessary expense. Centrify for Samsung KNOX can quickly lower costs by improving user productivity and reducing web-based account or account reset calls by as much as 95%. Improve security: According to the 2012 Verizon Data Breach Investigations Report, five of the top six attack vectors were focused on users passwordsaccounting for the majority of data breaches. Centrify for Samsung KNOX reduces or eliminates the use of passwords for authenticating to users applications through the use of secure single signon. When necessary, you can remove access to all applications by simply disabling a users Active Directory account. There are fewer passwords and password storage locations, making the Samsung mobile device more secure. Improve IT monitoring and control: Every web and mobile application in use by your organization represents yet another silo of identity and access control challenges. By controlling access to SaaS applications through Centrify for Samsung KNOX and centrally authenticating users with their Active Directory identity, you gain valuable information about which applications users are using. When a person leaves your organization, you can easily and quickly shut down their access to all of your businesscritical SaaS applications. Reduce compliance overhead: With easy and thorough reporting on who in your organization has access to which SaaS and mobile applications, and what they did with that access privilege, you can more quickly show compliance with regulations and industry best practicesfreeing up expensive IT resources to deliver on projects that are important to the prosperity of your organization. Leverage existing infrastructure and skill sets: By providing the industry's tightest integration of SaaS and mobile applications with Microsoft Active Directory, you can more cost-effectively deliver single sign-on and security because you can leverage existing technology, skill sets, and processes associated with your Active Directory environment.

Using Centrify for Samsung KNOX on mobile devices

Your users can enroll their mobile device with the Centrify cloud service, which enrolls the device to your Active Directory domain. Either you or your users can create the KNOX container, and when that happens, Centrify creates a certificate-based trust between the container, its user, and Active Directory. Centrify uses that certificate to authenticate the user and find the users assigned roles, which determines which web applications and

Chapter 1 Introduction to Centrify for Samsung KNOX

11

Using Centrify for Samsung KNOX on mobile devices

mobile applications are assigned to that user. The trust provides the user with single sign-on access to the assigned applications. Users can access two different kinds of applications inside of the KNOX container: web applications and mobile applications.

Accessing web-based single sign-on applications

Both you and your users can set up web applications for use inside of the Samsung KNOX container. You add and deploy web applications using Cloud Manager, and users can add applications using MyCentrify. To access their web applications within the KNOX container, users open their KNOX container, enter their KNOX container password, touch the Centrify for KNOX application, and then touch to open a Centrify web application. Only the web applications that you have assigned to them display in the Centrify for KNOX application. The web applications open in the mobile browser inside the KNOX container. Centrify for Samsung KNOX handles the SSO by way of a KNOX SSO service that runs in the background of the KNOX container and connects to the Centrify cloud service.

Centrify for Samsung KNOX Administrators Guide

12

Using Centrify for Samsung KNOX on mobile devices

Accessing native mobile applications

Users can access mobile applications that are native to the Android operating system and that run inside the secure Samsung KNOX container. You deploy these mobile applications to users or have your users download and install some applications themselves from the KNOX Apps Store. You can also deploy native mobile applications that run inside the Samsung KNOX container that are configured for SSO inside the container. To access these mobile container applications, users can open their KNOX container, enter their KNOX container password, and then touch one of the applications listed. The mobile application opens inside the KNOX container. If the application is configured for SSO, the user doesnt have to log in to the application directly, because the authentication is handled by the KNOX SSO service that runs in the background in the KNOX container.

Chapter 1 Introduction to Centrify for Samsung KNOX

13

Using the MyCentrify web-based user portal

Using the MyCentrify web-based user portal

Your users log in to MyCentrify to access the web applications that youve assigned to them. They can also monitor their application and device activity, and do self-service management of some of their personal Active Directory properties.

Users can add applications that require a user name and password, and applications that use a bookmark by going to the MyApps page and clicking Get More Apps. These web applications display on the MyApps page in the MyCentrify web portal and also in the Centrify for KNOX mobile application.

Administering Centrify for Samsung KNOX

Using Centrify for Samsung KNOX, you can specify which applications are allowed in users Samsung KNOX containers, avoid time-consuming work related to forgotten user credentials for applications, and make sure your organizations data remains secure. You can also manage mobile devices and users KNOX containers.

Centrify for Samsung KNOX Administrators Guide

14

Administering Centrify for Samsung KNOX

Using Centrify for Samsung KNOX administrator tools

The Cloud Manager web portal provides different tabs for each type of object that you need to administer: applications, roles, users, devices, dashboards, settings, and reports. As an administrator, you use Cloud Manager to do the following: Deploying web applications

Deploying mobile applications Managing roles for users and groups Configuring application settings for specific users, when needed Managing Samsung KNOX devices and containers Administering general settings and policies, such as authentication, session timeout, intranet IP range, and so forth Reporting on all cloud service information

You can configure group policies specific to Samsung KNOX containers and Samsung SAFE devices using the Centrify for Samsung KNOX Group Policy Management Editor (GPME) extension.

Chapter 1 Introduction to Centrify for Samsung KNOX

15

Administering Centrify for Samsung KNOX

With the Centrify for Samsung KNOX Active Directory Users and Computers (ADUC) extension, you can perform management tasks for devices, call logs, and Samsung KNOX containers.

You use the Cloud Proxy Server Configuration tool to manage the cloud proxy server and its connection between your Active Directory and the Centrify cloud service.

Centrify for Samsung KNOX Administrators Guide

16

Administering Centrify for Samsung KNOX

Providing Centrify for Samsung KNOX to your users

For the full user experience (and the broadest management capability for you), your users need two Centrify mobile applications. You can download the applications, upload them into Cloud Manager, and deploy them to your users. Alternatively, your users can download them directly from Google Play and the Samsung KNOX Apps Store: Centrify application for Android: Available from Google Play. With this application, which is installed the mobile device, users enroll their devices in the Centrify cloud service, which provides connection to Active Directory and in turn installs the group policies that manage and protect the device. As part of enrollment, the Centrify cloud service can create a Samsung KNOX container on each enrolled device.

Centrify for KNOX application: Available from the Samsung KNOX Apps Store. With this application, which is installed in the Samsung KNOX container, your users log in to this application and get single sign-on access to the web and mobile applications that you deploy to their Samsung KNOX container.

If youre using Centrify for Samsung KNOX for SSO only and not for MDM/MCM (for creating and managing the container and managing the devices), your users need just the Centrify for KNOX application.

Chapter 1 Introduction to Centrify for Samsung KNOX

17

Administering Centrify for Samsung KNOX

For access to the MyCentrify user web portal, you provide your users the MyCentrify URL and the information they need to log in.

Setting up SSO for Centrify for Samsung KNOX

Centrifys Samsung KNOX SSO service is built into every Samsung KNOX container. The service does, however, need to be enabled by the MDM provider managing the KNOX container. When configuring Centrify for Samsung KNOX for SSO, you install the proxy server, and then use Cloud Manager to deploy applications to your users. To provide a web application to your users, you open Cloud Manager to the Apps page and click Add App. The App Catalog opens, and you can select the applications that you want to add. For each application that you select, you configure some general application settings and then assign roles to the application. The application is deployed (made available to users MyCentrify) when you save your changes to the both the application settings and role assignments. In addition to deploying the web applications, you also deploy the Centrify for KNOX mobile container application so that users can access the web applications from inside the KNOX container.

Centrify for Samsung KNOX Administrators Guide

18

Administering Centrify for Samsung KNOX

You can deploy SAML applications or applications that use just a user name and password for authenticationor even a simple bookmark of an application URL. The process of deploying mobile applications is similar to deploying web applications. You provide either the custom APK binary file or the package name of the application in Google Play or the KNOX Apps Store. For mobile applications that are configured for SSO inside the KNOX container, you also deploy a matching web SAML application to provide the SSO functionality for the mobile application (because SAML authentication is needed for SSO and mobile applications dont use SAML directly).

Setting up Centrify for Samsung KNOX MCM and MDM

When using Centrify for Samsung KNOX for MCM and MDM, you install the Centrify cloud proxy server and the ADUC and GPME extensions. You then deploy the Centrify mobile application. (If youre also using SSO, you also deploy the Centrify for KNOX mobile application). You provide mobile applications similarly to how you provide web applications. You provide either the custom APK binary file or the package name for the application in Google Play. To provide a mobile application to your users, you open Cloud Manager to the Apps page and click Add App. The App Catalog opens, and you can select the applications that you want to add. For each application that you select, you then specify the application package name (or the custom APK file) and then assign roles to the application. The application deploys (is made available in MyCentrify) to users when you save your changes to the both the application settings and role assignments.

Chapter 1 Introduction to Centrify for Samsung KNOX

19

For more information

For more information

For more information, see the online help available through the web portals. The Centrify Application Configuration Help provides instructions related to deploying web and mobile applications. https://cloud.centrify.com/vfslow/lib/docs//appref/wwhelp/wwhimpl/js/html/ wwhelp.htm The Centrify Cloud Manager Help provides instructions related to other management tasks that you can do in Cloud Manager. https://cloud.centrify.com/vfslow/lib/docs//adminref/wwhelp/wwhimpl/js/html/ wwhelp.htm The MyCentrify Help provides instructions for users related to enrolling and managing their mobile devices and web applications. https://cloud.centrify.com/vfslow/lib/docs/userref/wwhelp/wwhimpl/js/html/ wwhelp.htm

Centrify for Samsung KNOX Administrators Guide

20

Chapter 2

Installing and configuring Centrify for Samsung KNOX

The purpose of this chapter is to help you install and configure the basics for your Centrify for Samsung KNOX implementation. This approach helps you experience what the product provides for you and your users without your having to configure every detail first. Information leading you to further configuration possibilities, and the resulting experience for you and your user, is in Chapter 3, Configuring the Centrify cloud service and managing devices, Here are the tasks that lead to a basic setup: Installing the Centrify cloud proxy server on page 23 If you are using Centrify for Samsung KNOX for SSO only, you can skip the next three sectionsthese are for installing the MDM/MCM components only. Instead, proceed directly to the Installing Centrify for KNOX instructions.

Configuring the Centrify cloud service on page 26 Enrolling the mobile device on page 27 Creating the KNOX Container on page 28 Installing Centrify for KNOX from Samsung KNOX Apps on page 30

To install and configure the Centrify for Samsung KNOX solution, you need to have the following:
Requirement Windows computer Description You install the cloud proxy server on this computer. This computer must be joined to your Active Directory domain controller and meet the following specifications: Windows Server 2008 R2 (64-bit) or Windows 7 (32-bit or 64-bit) Internet access Microsoft .NET version 4.0 or later; if it isnt already installed, the Centrify installer installs it for you. The account you use to install the cloud proxy server must have administrator privileges on the domain controller. In addition, you must have Active Directory Modify Permissions ability (see Specifying the right to modify permissions in Active Directory on page 22) You install the applications that are part of the Centrify for Samsung KNOX solution from Google Play and the Samsung KNOX Apps store on this device. The device must have at least Wi-Fi network connection to the internet.

Administrator access to your Active Directory domain controller and modify permissions Samsung KNOX-capable device

21

Specifying the right to modify permissions in Active Directory

Requirement The Samsung KNOX license key and licenses for mobile devices

Description You need one license key per Centrify cloud service account in order to implement the Centrify for Samsung KNOX solution and a license for each mobile device you want to enroll. If you don't have the license key and licenses yet, contact Samsung or your mobile service provider. You and your users need to be able to access the web portals that help you manage devices and applications (Cloud Manager for you and MyCentrify for users). The Cloud Manager and MyCentrify web portals for this version of Centrify for Samsung KNOX have been confirmed for use on the following web browsers: Internet Explorer: version 9 and 10 on Windows 7 and Windows 2008R2 server Mozilla Firefox: version 23 and later Google Chrome: version 28 and later Apple Safari: version 6 You and your users need to have Google Play accounts so that they can download the free Centrify cloud service application to their devices. Your users need accounts to be able to download the free Centrify for KNOX application from the Samsung KNOX Apps store. If you do not already have an account, you can create one just before you install Centrify for KNOX.

A supported browser

A Google Play account A Samsung account

Specifying the right to modify permissions in Active Directory

To install and administer the Centrify cloud proxy server, the user account you use to install the software must have the Modify Permissions right in Active Directory. You enable this right in Active Directory Users and Computers, in Advanced Features.
To specify the right to modify permissions to an Active Directory user or group: 1 In Active Directory Users and Computers, make sure that you have Advanced Features

enabled (View > Advanced Features).

2 Open the properties for the user or group to which you want to give the right to modify

permissions, and click the Security tab.

3 In the Security tab, click Advanced. 4 In the Advanced Security Settings dialog box, click Add. 5 Enter the name of the user account that you will use to install the cloud proxy server, and

click OK.
6 In the Permission entry dialog box, click Allow for Modify Permissions and click OK.

The Permissions tab of the Advanced Security Settings dialog box lists the user or group to which you have given the right to modify permissions.

Centrify for Samsung KNOX Administrators Guide

22

Installing the Centrify cloud proxy server

7 In the Advanced Security Settings dialog box, click OK. 8 In the Properties dialog box, click OK.

Installing the Centrify cloud proxy server

You use the Cloud Management Suite installer to install the Centrify cloud proxy server and, optionally, the Active Directory and Group Policy Management Editor console extensions. The procedures in this section describe how to install the cloud proxy server, activate the server, and configure the proxy server for MDM/MCM and SSO.
To install the cloud proxy server: 1 On your Windows computer, run the installation program in the Centrify Cloud Proxy

Server Installer zip file appropriate for your system: Cloud-Mgmt-Suite-<version>win32.exe for 32-bit Windows or Cloud-Mgmt-Suite-<version>-win64.exe for 64bit Windows. If Microsoft .NET version 4.0 or later is not already installed on your computer, the installer installs it for you. Restart your computer after .NET installation and then you can continue the installation of the Cloud Management Suite.
2 Click Next on the welcome screen. Then, indicate your agreement to the licensing terms

and conditions in the check box and click Next.

3 In the Custom Setup dialog box, select the items to install.

The components you install depend upon whether you are using Centrify for Samsung KNOX for SSO alone or for MDM/MCM, with or without SSO. If you are using Centrify for Samsung KNOX as your MDM and MCM solution, select all of the components (the default) for installation. If you are using another vendors MDM and MCM solution, deselect the Centrify for Mobile Tools option (circled in the picture).

Chapter 2 Installing and configuring Centrify for Samsung KNOX

23

Installing the Centrify cloud proxy server

4 You can click Browse to specify a different installation location.

Click Next.
5 In the Ready to Install Cloud Management Suite page, click Install to perform the

installation.
6 When the installation completes, keep Run Connection Test selected and click

Finish. A connection test runs to verify that your server is connected properly for the proxy server to run. If any errors are returned, you must fix them before continuing.
7 Click Close to close the Connection Test dialog box, then the Cloud Proxy Server

Configuration Wizard launches.

To activate the cloud proxy server: 1 In the Cloud Proxy Server Configuration Wizard Welcome page, click Next. 2 In the Proxy Configuration page, enter your one-time activation code in the Registration

code field and click Next.

3 In the Web Proxy Configuration page, if your network has a web proxy server that you

want to use for the connection to the Centrify cloud service, select the Use a web proxy server... option. If you do not have a web proxy server, click Next without selecting the option; the cloud proxy server wont connect through the web proxy server. If you selected the web proxy option, enter the following information: Address The URL of the web proxy server. Port The port number to use to connect to the web proxy server.
4 Click Next to continue.

Centrify for Samsung KNOX Administrators Guide

24

Installing the Centrify cloud proxy server

The Configuring Mobile Use screen appears. Your selection in this screen depends upon whether you are using Centrify for Samsung KNOX or another vendor for mobile device and container management.
5 Do one of the following:

If you are using Centrify for Samsung KNOX as your MDM and MCM solution, keep the Configure Centrify for Mobile option selected and continue to Configuring the cloud proxy server for MDM and MCM. If you are using another vendors MDM and MCM solution, deselect the Configure Centrify for Mobile option and continue to Completing the Cloud Proxy Server Configuration Wizard.

Configuring the cloud proxy server for MDM and MCM

Note

This procedure is for organizations using Centrify for Samsung KNOX for MDM/ MCM. If you are using another an MDM solution from another vendor, skip this procedure. When you select the Configure Centrify for Mobile option, the configuration wizard displays the following screen:

In this procedure you define who can enroll mobile devicesonly the members of the Active Directory groups you define in this dialog box can enroll devicesand the containers for the mobile device objects. The Active Directory group and organizational unit are always specified as a pair. By default, the user group is Domain Users and the organizational unit is Computers. When you select the default, any user with an account in the Active Directory Users container can enroll mobile devices, and the Centrify cloud service adds the device record to the Computers container when the user enrolls the device. You can specify additional groups and containers pairings at any time using the Cloud Proxy Server Configuration program.

Chapter 2 Installing and configuring Centrify for Samsung KNOX

25

Configuring the Centrify cloud service

To configure the cloud proxy server: 1 In the Configuring Mobile use window, click Next to accept the default Users and

Computers containers.
2 Click OK when finished. 3 Click Next.

Completing the Cloud Proxy Server Configuration Wizard

The Starting Cloud Proxy Server dialog box appears while the wizard registers the proxy with the Centrify cloud service and starts the proxy. When setup and startup is complete, the Setup Completed dialog box appears. Click Finish to exit the wizard. The cloud proxy server is now installed and running. The Centrify cloud proxy server configuration program starts automatically, however, no further configuration is required. Click Close to exit it. If you are using Centrify for Samsung KNOX for SSO only, go to Installing Centrify for KNOX from Samsung KNOX Apps on page 30, skipping the remaining configuring the Centrify cloud service, enrolling device, and creating container sections. If you are using Centrify for Samsung KNOX for MDM and MCM, continue through the remainder of this chapter.

Configuring the Centrify cloud service

Before you can create a KNOX container, you need to enter your Samsung KNOX license key. You do this in Cloud Manager.
To enter your Samsung KNOX license key: 1 Open Cloud Manager.

Open a browser and enter the URL https://cloud.centrify.com/manage.

2 Log in.

Cloud Manager prompts you for a user name and password. Enter your full Active Directory login name, including UPN suffix (for example, first.last@domain.com) and password. Cloud Manager displays the Apps page. This page is blank until you deploy applications.
3 Select the Settings page. 4 Under Settings, select Samsung KNOX Settings.

Centrify for Samsung KNOX Administrators Guide

26

Enrolling the mobile device

5 Click the Samsung KNOX License Key field and enter the license key. 6 Click Save.

Enrolling the mobile device

In this procedure, you install the Centrify application on your KNOX-capable device and enroll the device. After you enroll the device, the Centrify cloud service adds it to the Cloud Manager Devices page. To begin, turn on and log in to your device and open the Play Store.
To install Centrify from Google Play: 1 Select the Search icon, enter Centrify. 2 Touch Centrify to display the application details. 3 Touch the Install button. 4 Scroll through and read the Privacy and Device Access terms under Do you want to

install this application? and touch Install. This initiates the installation process. When its complete the screen displays, Application Installed.
5 Touch Open to proceed with enrolling your device. 6 Enter your user name and password.

Enter your full Active Directory login name, including UPN suffix (for example, first.last@domain.com) and password.
7 Centrify displays the screen, Active Device Administrator? 8 Read through the text and touch Activate.

Centrify displays its Privacy policy

9 Read through the text and touch the check box to confirm I acknowledge that I have read

and understood, and I agree to, all of the terms and conditions above and then touch Confirm. After you enroll the device, Centrify continues in the background to load applications deployed to the device and install group policies. This may take a minute or two.

Chapter 2 Installing and configuring Centrify for Samsung KNOX

27

Creating the KNOX Container

Creating the KNOX Container

Only the device owner can create the KNOX container. However, you must first enable the device to let the user create the KNOX container. There are two ways you can enable the device to let the user create the KNOX container: You can enable a group policy that lets users create the KNOX container as soon as they enroll the device.

You can send the Create container command from Cloud Manager that lets the user create the KNOX container as soon as the command is received on the device.

After the device is enabled, the device owner uses the Centrify application running on the phone to create the KNOX container. In this procedure, you send the Create container command from Cloud Manager. In the subsequent procedure, you create the KNOX container from the device.
To enable the user to create a KNOX container: 1 If Cloud Manager is not open, enter the URL https://cloud.centrify.com/manage in

your browser and log in using your Active Directory credentials.

2 Select the Devices page. 3 Select the device. 4 Click the Container Management drop-down list and select Create Container.

Cloud Manager sends the command immediately to the device. The create message appears briefly in the Navigation tray in the device.
To create the container: 1 If the Centrify mobile application is not open on your device, open Apps and touch

Centrify.
2 Touch the Setup tab. 3 Under SETUP REQUIRED, touch Create KNOX container.

Centrify for Samsung KNOX Administrators Guide

28

Creating the KNOX Container

The Centrify app displays the Privacy policy screen.

4 Read through the text and touch the check box to confirm that this statement is true: I

acknowledge that I have read and understood, and I agree to, all of the terms and conditions above; then touch Confirm. This initiates downloading the KNOX container software. This can take a minute or two. When the download is complete, Centrify displays the KNOX container Terms and conditions and Privacy Policy screen
5 Read through the Terms and conditions and Privacy Policy, select I accept all the

terms above, and touch Next.

6 Enter the KNOX container password you want to use, enter it again, and touch Next.

This initiates KNOX container creation. KNOX container creation takes a minute or so to complete.
7 Touch Launch.

The Centrify cloud service confirms that you have a license available.
8 Enter your password and touch Done.

You are now inside the KNOX container. The applications shown in the container are different from the applications displayed on your home screens. You manage applications that appear outside and inside the container for example, Email, Phone, and Contactsseparately. For example, you can configure the Email application inside the KNOX container and outside the KNOX container for different accounts. You can install additional mobile applications inside the container from the Samsung KNOX Apps store. You can also deploy web applications and wrapped mobile applications to the KNOX container using Cloud Manager. There are two icons you use to enter and exit the Samsung KNOX container. To enter the container from your home screen, touch this icon.

This icon is added to your Apps catalog when you create the container. You can also enter the container by dragging down on the devices notification bar and touching Samsung KNOX Tap to Start.

Chapter 2 Installing and configuring Centrify for Samsung KNOX

29

Installing Centrify for KNOX from Samsung KNOX Apps

To exit the container you touch this icon.

Installing Centrify for KNOX from Samsung KNOX Apps

Centrify for KNOX is a mobile application that users install inside the KNOX container. They use it to open the web applications you assign to them. This lets users open the SaaS applications they use for workfor example, Salesforce or Dropboxfrom within the container. Web applications can be assigned to Centrify for KNOX in ways: An applications administrator can assign them using Cloud Manager. The Centrify cloud service has hundreds of web applications preconfigured for immediate assignment. To see the catalog, open the Cloud Manager Apps page and click Add Apps.

Users can add their own web applications. See MyCentrify help for the details.

Centrify for KNOX provides SSO authentication for all web applications. Users just log in once. After that, Centrify for KNOX safely stores the credentials for that application and silently authenticates the user in subsequent log ins. Before you can install Centrify for KNOX in the container, Centrify for KNOX must be added to a whitelist of applications allowed to use the Samsung KNOX containers SSO feature. How you configure the device depends upon whether you are using Centrify for Samsung KNOX or another vendor for MDM/MCM.

Preparing a device that uses MDM/MCM from another vendor

If your device uses another vendors product for MDM/MCM, confirm that the KNOX container has already been created and the Samsung KNOX SSO feature has been enabled before installing Centrify for KNOX. The Samsung KNOX SSO feature on the device requires the application vendor to specify the package name for any mobile application that wants to use the SSO interface. Different MCM vendors use different methods to specify the application. When your MCM provider prompts you to specify Centrify for KNOX, use the following as the package name:
com.centrify.sso.myapps

Preparing a device that uses Centrify for Samsung KNOX for MDM/MCM
The Centrify cloud service automatically enables the Samsung KNOX SSO feature, however, you must add Centrify for KNOX to the whitelist of applications allowed to use it.

Centrify for Samsung KNOX Administrators Guide

30

Installing Centrify for KNOX from Samsung KNOX Apps

To enable Centrify for KNOX to use the Samsung KNOX SSO feature, you enable a group policy and add Centrify for KNOX to a whitelist. To enable the group policy you use the Group Policy Management Editor. The following procedures describe how to enable the SSO whitelist group policy, add the Centrify for KNOX application to the whitelist, and update the device with the new policy setting.
To enable the Application SSO whitelist policy and add Centrify for KNOX: 1 Open the Group Policy Management Editor and select for editing the group policy object

you have linked to the organization unit with your Samsung KNOX device. If you used the default user group and device container setting when you installed the Centrify cloud proxy server (the Active Directory Users group and Computers container), the group policy object is Default Domain Policy.
2 Expand Computer Configuration > Policies > Centrify Cloud Management

Settings to Samsung KNOX Settings > Application Management.

3 Double-click Application SSO whitelist. 4 Click Enabled and the Add button. 5 Enter the following in the Application: field and click OK.
com.centrify.sso.myapps

(You enter the applications package name rather than the application name.)
6 Click OK to exit the dialog box. To update the group policy on the device: 1 Open Active Directory Users and Computers. 2 Select the container you selected for mobile devices. (If you used the default user group

and device container setting when you installed the Centrify cloud proxy server, the default container is Computers.)
3 Right-click the device you enrolled and select All Tasks > Device Management >

Update Policies.

Chapter 2 Installing and configuring Centrify for Samsung KNOX

31

Installing Centrify for KNOX from Samsung KNOX Apps

The Centrify cloud service installs the new group policy. You can see the new policy in the Centrify Setup screen.

Installing Centrify for KNOX

After you have created the KNOX container and configured it to allow Centrify for KNOX to use the Samsung KNOX SSO feature, use the following procedure to install Centrify for KNOX in the container from the Samsung KNOX Apps store.
To install Centrify for KNOX from Samsung KNOX Apps: 1 If you are not in the KNOX container, touch Apps on your home screen, scroll to the

KNOX icon, and touch it. You are now in the KNOX container.
2 Touch Samsung KNOX Apps.

This opens the KNOX applications catalog.

3 Touch the search icon. 4 Enter Centrify. 5 Touch Centrify for KNOX. 6 Touch Free. 7 Touch Accept and download. 8 Touch Open.

If you are using Centrify for Samsung KNOX for MDM/MCM, Centrify for KNOX uses your Active Directory credentials to authenticate you and displays the web applications

Centrify for Samsung KNOX Administrators Guide

32

Installing Centrify for KNOX from Samsung KNOX Apps

deployed. If you are using another MDM/MCM provider, Centrify for KNOX prompts you to enter your Active Directory credentials and then displays the list of web applications. At this point, however, no web applications have been deployed.

Chapter 2 Installing and configuring Centrify for Samsung KNOX

33

Chapter 3

Configuring the Centrify cloud service and managing devices

In the previous chapter you installed the core Centrify for Samsung KNOX components, enrolled a mobile device, and created a KNOX container. During the installation and configuration process, you were introduced to Cloud Manager and the Active Directory tools you use to configure the Centrify cloud service and manage devices. This chapter describes the additional procedures you perform to configure Centrify for Samsung KNOX for SSO and MDM/MCM for organization-wide deployment. This chapter also introduces the administrator and end-user device-management interfaces. Configuring the Centrify cloud service for single sign-on on page 34

Configuring the Centrify cloud service for MDM/MCM settings on page 37 Managing mobile devices and Knox containers on page 38 Self-service management with MyCentrify on page 41

Configuring the Centrify cloud service for single sign-on

When you use Centrify for Samsung KNOX for SSO you use the Centrify cloud service to deploy web applications to users. The users can launch the web applications from their MyCentrify web portal and from the Centrify for KNOX mobile application they installed in their KNOX Container. You configure the Centrify cloud service for SSO using the following procedures: Deploying applications from Cloud Manager on page 34

Selecting web applications using MyCentrify on page 36 Deploying mobile applications that use SSO on page 36

Deploying applications from Cloud Manager

You use Cloud Manager to deploy web applications to MyCentrify and Centrify for KNOX. The following table summarizes the Cloud Manager configuration tasks you perform to deploy web applications.

34

Configuring the Centrify cloud service for single sign-on

Task Create a role

How to perform the task

1 Open Cloud Manager. 2 Select the Roles page. 3 Click Add Role. 1 On the Roles page, click the role you just created. 2 Click the Members Edit button. 3 Specify the user or group name and drag to Selected.

Add users to the role

Assign applications to the role

You can add one or more applications at once.

1 Click the Edit button above the list of Assigned Applications. 2 Select the application, drag it the Selected box, and click OK.

See Cloud Manager help for further details. To open Cloud Manager help, enter the URL https://cloud.centrify.com/manage in your browser, log in, and click Help in the user account drop-down list (circled in the picture).

Example: Deploying a web application to sysadmin

The first step in web application deployment is defining the roles to which you will assign the web applications. When you open Cloud Manager and select the Roles page, there are two default roles: sysadmin: Users in this role have full Centrify cloud service administrator policies. Your Active Directory account was automatically added to this account when you installed the proxy server.

Everybody: Applications assigned to this role are deployed to all cloud users.

To assign the Dropbox - Web User Password application to the sysadmin account, perform the steps in the next procedure. This example skips the first two web application deployment tasks because it uses the existing sysadmin role in which you are already a member.
To deploy a web application to the sysadmin role: 1 Open Cloud Manager and select the Apps page.

Chapter 3 Configuring the Centrify cloud service and managing devices

35

Configuring the Centrify cloud service for single sign-on

2 Click Add App. 3 Click the search box and enter drop. 4 Select the Dropbox Web - User Password application and click Add App.

Cloud Manager displays the Dropbox configuration window.

5 Select the User Access category, select sysadmin, and click Save. 6 Select MyCentrify from the account drop-down list.

Within a couple of seconds, Dropbox is displayed on the MyApps page.

7 On your mobile device, open the KNOX container and open Centrify for KNOX.

Dropbox is displayed. Open Dropbox if you have an account to log in to. If you do not have an account, delete Dropbox from the container.

Selecting web applications using MyCentrify

Users can also add web user password applications to MyCentrify and Centrify for KNOX. They use the Get More Apps button on the MyApps page in MyCentrify. See MyCentrify help for more details about how to add applications through MyCentrify.

Deploying mobile applications that use SSO

If you are using Centrify for Samsung KNOX for MDM/MCM, you can deploy mobile applications that use the Samsung KNOX SSO capability to the KNOX container using Cloud Manager. See the Cloud Manager help for the procedures.

Centrify for Samsung KNOX Administrators Guide

36

Configuring the Centrify cloud service for MDM/MCM settings

Configuring the Centrify cloud service for MDM/MCM settings

In the previous chapter you installed all of the components you need to use Centrify for Samsung KNOX to manage mobile devices and containers. The following table lists and explains how to do the configuration tasks you would perform to complete the Centrify cloud service configuration.
Task Select Active Directory groups of users who can enroll devices How to perform the task
1 In Active Directory, create the groups, add the users, and create the organizational units for the devices. 2 Open the Cloud Proxy Server Configuration program. 3 Click the Mobile Settings tab and click Add. 4 Browse to and select the Active Directory group. 5 Browse to and select the organizational unit to associate with the group. 6 Repeat for each additional Active Directory group.

Prepare devices so users can create Prepare the devices in one of these ways: their Samsung KNOX container Edit the group policy object for the mobile devices and enable the Create/ Dont create container at enrollment group policy. When you select this option, users can create the KNOX container right after they enroll the device. On the Devices page in Cloud Manager, select the devices, click the Container Management drop-down list, and select the Create Container command. When you select this option, the device must be enrolled first.
1 Open the Group Policy Management Editor and open an existing the group Enable SAFE and KNOX group policy object for editing or create a new one. policies in the group policy objects for mobile devices 2 Expand the Computer Configuration and Policies to show the Centrify Cloud Management Settings. 3 Enable the SAFE and KNOX policies you need. The Centrify cloud service

provides a wide variety of mobile-device-specific policies and installs the policies when the user enrolls the device.
4 Save the group policy object. 5 Assign the group policy object to the mobile device organizational unit.

Configure Cloud Manager settings, See Managing Cloud Manager settings in Cloud Manager help for more such as details. Cloud Manager and MyCentrify banner colors and icons. Multifactor authentication Email quarantining for unenrolled devices Deploy and manage mobile and web applications (optional) See Deploying applications from Cloud Manager on page 34 to deploy web applications. See Managing applications in Cloud Manager help for more details.

To open Cloud Manager help, enter the URL https://cloud.centrify.com/manage in your browser, log in, and click Help in the user account drop-down list (circled in the picture)

Chapter 3 Configuring the Centrify cloud service and managing devices

37

Managing mobile devices and Knox containers

Managing mobile devices and Knox containers

You can use Active Directory Users and Computers and Cloud Manager to manage mobile devices and KNOX containers using a broad set of device, container, and call log commands. You can also use Cloud Manager to generate real-time reports on the devices and users.

Sending commands to devices

The Centrify cloud service provides a comprehensive set of commands for creating and managing containers and managing devices. You can send the commands from Active Directory Users and Computers and Cloud Manager. See Cloud Manager help for the command descriptions.
Sending commands from Active Directory Users and Computers

Enrolled devices are listed in the Active Directory container you designated when you enabled Active Directory groups to enroll devices. You send a command from the devices Properties window. Use the following procedure to send a Power Off command to the device you enrolled from Active Directory Users and Computers.
To send the Power off command to a device: 1 Open Active Directory Users and Computers. 2 Open the Active Directory container you selected for mobile devicesthe default is

Computers.

Centrify for Samsung KNOX Administrators Guide

38

Managing mobile devices and Knox containers

3 Right-click the device you enrolled. 4 Expand the All Tasks and Device Management menus. 5 Click Power Off.

The following screen snapshot illustrates the ADUC interface.

The Centrify cloud service sends the command to the device immediately.
Invoking commands from Cloud Manager

The same device details and commands provided in Active Directory Users and Computers are available in the Cloud Manager interface. To invoke the commands from Cloud Manager, you select the device in the Devices page. The commands are listed under the device name. Use the following procedure to send the Lock and UnLock Container commands to the device you enrolled from Cloud Manager.
To lock and unlock the KNOX container from Cloud Manager: 1 Open and log in to Cloud Manager. 2 Select the Devices page. 3 Select the device you enrolled. 4 Click the Container Management drop-down list. 5 Click Lock Container.

Chapter 3 Configuring the Centrify cloud service and managing devices

39

Managing mobile devices and Knox containers

6 Go to your device and touch the KNOX icon.

You get the message KNOX has been locked. Contact your administrator to unlock.
7 Touch OK. 8 In Cloud Manager, click the Container Management drop-down list. 9 Click Unlock Container.

Now when you touch the KNOX icon on the device, you are prompted to enter your password, and the container is opened.

Generating reports
On the Reports page in Cloud Manager, you can generate reports of real-time Centrify cloud service data. Cloud Manager provides a set of SQL scripts you can use as is or modify to expand your query. Alternatively, you can create your own SQL scripts or expand upon the built-in scripts Use the following procedure demonstrates to generate a report from one of the built-in scripts.
To generate a report from a built-in Cloud Manager script: 1 Open Cloud Manager and log in. 2 Click Reports. 3 Under Report Library, expand Builtin Reports and click mobile.

Centrify for Samsung KNOX Administrators Guide

40

Self-service management with MyCentrify

4 Click Android Versions.

A report is generated listing all of the Android OS versions and the number of devices that have that version. From this report you can do the following: Click View to view the script that generated the report. Click Export to export the data to a file. Click Copy to copy the script to another Report Library folder.

Self-service management with MyCentrify

The Centrify cloud service provides self-service management of devices, applications, and certain personal Active Directory data through the MyCentrify user web portal. For example, users can lock or unlock their devices or containers, wipe a device that has been stolen, and find a device that has been misplaced from MyCentrify. Use the following procedure to unenroll the device you enrolled in the previous chapter.
To unenroll a device from MyCentrify: 1 If you are in Cloud Manager, click the user account drop-down list and select MyCentrify.

If you arent in Cloud Manager, enter the URL https://cloud.centrify.com/my in your browser to go to MyCentrify and log in using your full Active Directory credentials.
2 Click MyDevices. 3 Click the device you enrolled. 4 Click Device Management > Unenroll.

Chapter 3 Configuring the Centrify cloud service and managing devices

41

Self-service management with MyCentrify

The Centrify cloud service sends the Unenroll command and the Centrify application unenrolls the device. In your device, you touch the Centrify application icon and enter your Active Directory credentials to enroll again. When you unenroll a device its information remains in Cloud Manager and Active Directory. The information is not removed until you explicitly delete it.

Centrify for Samsung KNOX Administrators Guide

42