11 Sep 2019

IMPORTANT NOTICE: Samsung Deprecating Low-Use KPE Features

By SEAP News

In our Jun 27 blog post, we mentioned that we are deprecating Knox Platform for Enterprise (KPE) features that are now duplicated in Android Enterprise (AE). This is to simplify the Android Enterprise use model, provide only differentiated features through KPE, and help you ease the development of solutions and provide a cleaner UI.

In our upcoming Knox v3.4.1 release, we are also deprecating KPE features that are not being used, according to our extensive analytics. This is to streamline our operations and allow us to focus more on delivering newly requested features and less on maintaining low usage features. If you are using any of these features, which are described below, please review your solutions to see if you can remove or replace the features.

 

Which low-use features are being deprecated?

  • Samsung Single Sign On (Kerberos)Samsung SSO enables Samsung devices to authenticate users against an Active Directory (AD) infrastructure using the well-known Integrated Windows Authentication (IWA) with Negotiate (using MIT Kerberos V5). Due to low usage, however, we are deprecating this SSO feature. If you are using Samsung SSO, try exploring other SSO solutions like Azure AD.
  • Knox container unlock using AD — With AD Containers, IT admins can enable corporate AD credentials to unlock the Knox Workspace container on a mobile device. Due to very low usage, this feature is also being deprecated.
  • Knox Shared DeviceKnox Shared Device enables several enterprise employees to use the same device, without divulging individual settings, accounts, apps, or policies. Currently, you can enable this feature only through Knox Configure. With Google now offering Managed guest session devices, we are deprecating the Knox Shared Device.
  • Knox Cloud SDK — The Knox Cloud SDK enables you to configure Samsung devices through web-based REST API calls. Again, due to very low usage, we are deprecating this feature. Instead, you can use the more powerful, up-to-date, and device-based Knox SDK or Knox Service Plugin.

 

What is the deprecation timeline?

If you have new devices with Android Q (Android 10), you will not be able to use these features anymore. 

If you have devices with Android P (Android 9) or earlier, you can still use these features. Details are as follows:

  • Samsung SSO (Kerberos) and AD container
    You can still use these features after a Q OS upgrade. But the features will not be available in Android R.
  • Shared Device
    Shared Device has been enabled only through Knox Configure (KC). Shared Device will be unavailable from Android Q onwards, and cannot be enabled by Knox Configure. However, if you are already using Shared Device, you can still use it after a Q OS upgrade, but you can use Knox Configure only to disable it. The Knox Configure console will show the supported OS version for Shared Device, and provide Shared Device only for the devices which have supported OS.
  • Cloud SDK
    This will not be supported on Android Q devices. Additionally, on:
    • February 26, 2020: We will be ending support for Cloud SDK across all devices. That is to say, users will no longer be able to create or edit existing Cloud SDK profiles after this date. Users will also not be able to assign an existing Cloud SDK profile to a new device.
    • May 27, 2020: Existing Cloud SDK devices that have been factory reset will no longer be able to be enrolled via the Cloud SDK.

 

What next?

If you are using these features, please see if you can remove or replace them. Still have questions? Search our FAQs, post a question in our Developer Forum, or Contact Us. SEAP Partners can also sign in to SEAP to use our Support ticketing system.