Configure identity providers
Last updated April 4th, 2025
You can connect Knox Manage to third-party identity provider (IdP) and directory services that manage enterprise employee authentication information, such as user IDs. This allows identification and authentication information to sync between Knox Manage and enterprise directories, and helps authenticate users when they sign in to enrolled devices.
Add a server connection
To add an IdP server connection, navigate to Connection and security > Identity provider, then click ADD CONNECTION.
The new Knox Manage console currently supports the following identity providers:
- On-premise AD (see Connect to On-premise AD)
- Microsoft Entra ID (see Connect to Microsoft Entra ID)
Connect to On-premise AD
You must install Samsung Cloud Connector on the LDAP server before you can connect Knox Manage to an on-premise IdP service.
You can sync user and group information to Knox Manage through the Active Directory (AD) service, which is built upon the industry-standard Lightweight Directory Access Protocol (LDAP).
To connect to an On-premise AD server:
- While adding a connection, set the Connection type to On-premise AD.
- Add a Connection name.
- Enter the IP or Host address, and the port number of your server under IP/Host.
- Select the Encryption Type used when communicating with the AD server. Available options are None (default) and TLS for Transport Layer Security. With None the LDAP session is unencrypted, so a Simple bind sends the User ID and password in cleartext; select TLS for any directory that is not an isolated test environment.
- Select an Auth Type as the authentication method used when establishing a connection with the AD server. Available options are None, Simple, DIGEST-MD5(SASL), and CRAM-MD5(SASL). If you select DIGEST-MD5(SASL) or CRAM-MD5(SASL), fill out the following authentication information:
- SASL realm (only for DIGEST-MD5) — Enter the realm of the SASL server as a domain.
- Quality of Protection — Select the extent of data protection.
- Authentication Only — Protect data only upon authentication.
- Authentication with integrity — Ensure integrity of all the data exchanged, as well as authentication.
- Authentication with integrity and privacy — Ensure authentication, the integrity of all data exchanged, and its confidentiality through encryption.
- Protection Strength — Select a data protection level, and determine whether or not mutual authentication should be performed when exchanging data.
- High — Use 128-bit encryption.
- Medium — Use 56-bit encryption.
- Low — Use 40-bit encryption.
- Use mutual authentication — Select to enable validation for data exchanged between the client and the server.
- Enter the User ID for accessing the directory server in any of the following formats:
- domain/administrator ID
- administrator_ID@domain
- CN=administrator ID,CN=Users,DC=domain,DC=com
- Enter the Password associated with the User ID.
- Under Connect to directory, select if you want to sync Users only, or if you want to sync Users and groups.
- Check Schedule automatic syncs to directory to schedule automatic syncs.
- Time zone — Set the time zone for the schedule.
- Start date and time — Set the start date and time to sync with the directory.
- Sync frequency — Sync Only once, or configure Daily or Weekly syncs.
- Click NEXT to configure the user connection.
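The Encryption Type and Auth Type choices above interact: a Simple bind is nothing more than the bind DN and password as plain OCTET STRINGs inside a BER-encoded LDAP message, so with Encryption Type None anyone on the network path reads them. The following Python is an added example, not Knox Manage or Samsung Cloud Connector code. It builds an LDAPv3 simple BindRequest exactly as it travels to port 389 and then parses it back the way a passive sniffer would; the DN and password in it are constructed sample values.

```python
"""LDAPv3 simple bind on the wire (RFC 4511, BER-encoded).

Added example, not Knox Manage or Samsung Cloud Connector code. It shows
why Auth Type "Simple" needs Encryption Type "TLS": the BindRequest
carries the bind DN and password as plain OCTET STRINGs.
"""

# BER tags used by an LDAPMessage carrying a BindRequest
SEQUENCE = 0x30        # universal, constructed
INTEGER = 0x02
OCTET_STRING = 0x04
BIND_REQUEST = 0x60    # [APPLICATION 0], constructed
SIMPLE_AUTH = 0x80     # AuthenticationChoice [0] simple, primitive
SASL_AUTH = 0xA3       # AuthenticationChoice [3] sasl, constructed


def ber_len(n: int) -> bytes:
    """Encode a BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n: int) -> bytes:
    """Non-negative INTEGER; the extra byte keeps the sign bit clear."""
    if n < 0:
        raise ValueError("only non-negative integers are needed here")
    return tlv(INTEGER, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def simple_bind_request(bind_dn: str, password: str, message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple } }."""
    bind = (ber_int(3)
            + tlv(OCTET_STRING, bind_dn.encode())
            + tlv(SIMPLE_AUTH, password.encode()))
    return tlv(SEQUENCE, ber_int(message_id) + tlv(BIND_REQUEST, bind))


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the byte count of the length
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def sniff_simple_bind(packet: bytes):
    """What a passive observer recovers from one unencrypted LDAP message.

    Returns (bind_dn, password) for a simple bind, or None for anything
    else, including a SASL bind, whose credentials are not a bare string.
    """
    tag, msg, _ = read_tlv(packet, 0)
    if tag != SEQUENCE:
        return None
    _, _msg_id, pos = read_tlv(msg, 0)
    tag, bind, _ = read_tlv(msg, pos)
    if tag != BIND_REQUEST:
        return None
    _, _version, pos = read_tlv(bind, 0)
    _, name, pos = read_tlv(bind, pos)
    tag, cred, _ = read_tlv(bind, pos)
    if tag == SIMPLE_AUTH:
        return name.decode(), cred.decode()
    return None  # SASL_AUTH or something unexpected


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    pkt = simple_bind_request("CN=admin,CN=Users,DC=corp,DC=example,DC=com", "S3cret!")
    print(pkt.hex())
    print("recovered:", sniff_simple_bind(pkt))
```

With Encryption Type TLS the identical bytes are carried inside a TLS record, so an observer sees only ciphertext. That protection holds only if the connector validates the AD server's certificate; a client that accepts any certificate can be interposed and the same bind read in clear.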
Connect to Microsoft Entra ID
Only one Microsoft Entra ID connection can be created for each Knox Manage tenant. If you need to change your Directory ID, delete the old Microsoft Entra ID connection and create a new one.
To connect to a Microsoft Entra ID server:
- While adding a connection, set Connection type to MS Entra ID.
- Add a Connection name.
- Under Directory ID, enter the Tenant ID from your Microsoft Entra ID portal.
- Under Connect to directory, select if you want to sync Users only, or if you want to sync Users and groups.
- Check Schedule automatic syncs to directory to schedule automatic syncs.
- Time zone — Set the time zone for the schedule.
- Start date and time — Set the start date and time to sync with the directory.
- Sync frequency — Sync Only once, or configure Daily or Weekly syncs.
- Click NEXT to configure the user connection.
Add a user connection
Configure how Knox Manage syncs users from your Active Directory or IdP service as follows:
- (Only for On-premise AD connections) Enter the Base DN starting point. This is the directory subtree that is searched for users. For optimal performance, click SELECT BASE DN and select the base DN closest to your target users.
- (Only for On-premise AD connections) Configure a filter for specific LDAP data items.
- Under Sync target, sync specific users or all users on your On-premise AD server.
- To sync specific users, choose Select individually (recommended) from the dropdown, click SELECT USERS, then select the users you want to sync from your AD server.
- (Optional) Configure Additional settings:
- Automatically apply profile — A profile is automatically applied to a user’s device when their organization details change.
- Delete users from Knox Manage if deleted from directory — Delete users from Knox Manage if they are deleted in AD.
- Expand MAPPING INFORMATION to configure the user information synced from AD to Knox Manage. Click ADD MORE to see additional fields that you can sync.
- If you chose to sync both Users and groups earlier, click NEXT to configure the group connection. Otherwise, click ADD CONNECTION.
Add a group connection
Configure how Knox Manage syncs groups from your Active Directory or IdP service:
- Enter the Base DN starting point. This is where your AD server searches for groups. For optimal performance, click SELECT BASE DN and select the closest base DN to your target groups.
- (Only for On-premise AD connections) Configure a filter for specific LDAP data items.
- Under Sync target, sync specific groups or all groups on your On-premise AD server.
- To sync specific groups, choose Select individually (recommended) from the dropdown, click SELECT GROUPS, then select the groups you want to sync from your AD server.
- (Optional) Configure Additional settings:
- Push profiles and apps when user added — Automatically push profile and app assignments to new group members.
- Unassign profiles and apps when user deleted — Unassign profiles and apps from deleted group members.
- Unassign profiles and apps when group deleted — Unassign profiles and apps from deleted groups.
- Delete groups from Knox Manage if deleted from directory — Delete groups from Knox Manage if they are deleted in AD.
- Expand MAPPING INFORMATION to configure the group information that’s synced from AD to Knox Manage.
- Group Name — Enter a name for the group.
- Member — Select a member for the group.
- DN — Enter the unique name of the LDAP object.
- Object Identifier — Enter the ID used to distinguish the synced group.
- Group Identifier — Enter the name used to distinguish the synced group.
- Click ADD CONNECTION.
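Both the user connection and the group connection above take a Base DN and, for On-premise AD, an LDAP filter. The following Python is an added example, not Knox Manage code; it assumes the console's filter field accepts a standard RFC 4515 filter string, and the DNs and group names in it are constructed samples. It builds the filters a practitioner would typically use to limit the sync to enabled person accounts and to a naming range of groups, escapes any value that comes from outside so it cannot change the filter's structure, and checks that a target object actually sits under the chosen Base DN (including DNs written with the `CN = Users` spacing shown earlier on this page).

```python
"""Building and checking LDAP filters and Base DNs for a directory sync.

Added example, not Knox Manage code. Assumes the console's filter field
takes an RFC 4515 filter string. DNs and names below are constructed.
"""
from __future__ import annotations

# Active Directory matching-rule OIDs (documented by Microsoft)
LDAP_MATCHING_RULE_BIT_AND = "1.2.840.113556.1.4.803"
LDAP_MATCHING_RULE_IN_CHAIN = "1.2.840.113556.1.4.1941"
ACCOUNTDISABLE = 2  # userAccountControl bit


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so a value can never close or extend a filter."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def user_sync_filter(member_of: str | None = None, nested: bool = False) -> str:
    """Enabled person accounts, optionally restricted to one group.

    nested=True uses the in-chain matching rule so members of nested groups
    are included; it is noticeably slower on large directories.
    """
    clauses = [
        "(objectClass=user)",
        "(objectCategory=person)",
        f"(!(userAccountControl:{LDAP_MATCHING_RULE_BIT_AND}:={ACCOUNTDISABLE}))",
    ]
    if member_of:
        attr = f"memberOf:{LDAP_MATCHING_RULE_IN_CHAIN}:" if nested else "memberOf"
        clauses.append(f"({attr}={escape_filter_value(member_of)})")
    return "(&" + "".join(clauses) + ")"


def group_sync_filter(cn_prefix: str) -> str:
    """Groups whose cn starts with a prefix; only the trailing * is ours."""
    return f"(&(objectClass=group)(cn={escape_filter_value(cn_prefix)}*))"


def user_lookup_filter(sam_account_name: str) -> str:
    """Exact-match lookup; the caller's value is escaped, never pasted raw."""
    return f"(&(objectClass=user)(sAMAccountName={escape_filter_value(sam_account_name)}))"


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split a DN into (type, value) RDNs, tolerating 'CN = Users' spacing.

    Simplified RFC 4514 parsing: handles backslash-escaped commas and folds
    case (AD matches DN components case-insensitively); multi-valued RDNs
    are not handled.
    """
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur))
    parsed = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        parsed.append((attr.strip().lower(), value.strip().lower()))
    return parsed


def is_under_base_dn(dn: str, base_dn: str) -> bool:
    """True when dn is base_dn itself or lies anywhere in its subtree."""
    target, base = parse_dn(dn), parse_dn(base_dn)
    return len(target) >= len(base) and target[-len(base):] == base


if __name__ == "__main__":
    print(user_sync_filter("CN=MDM Users,OU=Groups,DC=corp,DC=example,DC=com"))
    print(group_sync_filter("MDM-"))
    print(user_lookup_filter("*)(objectClass=*"))  # injection attempt neutralised
    print(is_under_base_dn("CN = Alice,OU = Sales,DC = corp,DC = example,DC = com",
                           "OU=Sales,DC=corp,DC=example,DC=com"))
```

The `userAccountControl` clause keeps disabled accounts out of the sync, which matters when "Delete users from Knox Manage if deleted from directory" is the only clean-up you rely on: a disabled account is not a deleted one. `is_under_base_dn` is the check to run before narrowing the Base DN for performance, so that no target user or group is silently left outside the searched subtree.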