The Samsung Knox Cloud SDK (Cloud SDK) is a tool that allows you to create light mobile device management solutions with heavyweight features.
There are 2 parts to the Cloud SDK:
Using Cloud SDK, you can quickly develop an MDM solution without having to worry about Android client app development. There’s no need to test your solution on multiple devices.
How it works
Your Cloud SDK-compatible MDM console registers with the Samsung Enterprise Gateway (SEG) for device-discovery purposes. When a device enrolls in that MDM, a profile is created in SEG.
Cloud SDK includes more than 1500 Knox APIs from the Knox Standard and Knox Premium SDKs. Using these APIs, a server can control and configure different aspects of a mobile device, depending on the needs of your enterprise.
Some of those features are:
- Attestation – You can verify that a device hasn’t been rooted and that its firmware hasn’t been corrupted. From a web server, you send an attestation request to a device, and your device-based app sends the TIMA (TrustZone-based Integrity Measurement Architecture) measurements that indicate the status of the device.
- Knox containers — You can create a secure container to protect corporate apps and data from potential malware outside the container. You can also fully control, manage, and restrict interactions between apps inside and outside the container.
- App management — Install or remove specific apps on the device.
- Enterprise billing — You can separate the billing for personal and enterprise data usage. With this feature, employees can bring their own devices to work and use two different APNs to route personal and enterprise data connections.
- Single Sign-On (SSO) — You can choose the Identity Provider (IdP) used by selected apps inside the secure Knox container. (These whitelisted apps can add SSO authentication through the Generic SSO SDK for ISVs or Samsung SSO SDK.) Through a generic SSO framework, apps can use a generic API call to authenticate users through one of several supported IdPs.
- Virtual Private Network (VPN) — You can set up multiple secure VPN tunnels to protect data being sent to and from apps inside the container. You can identify which container apps use which tunnels, and separate the data being sent by apps inside the container from that being sent by apps outside the container. Through a generic VPN framework, apps can set up VPN tunnels using the Cisco or Juniper client.
- Secure KeyStore – Knox SDKs provide APIs to manage both symmetric and asymmetric keys. These keys are used with a hardware-backed trusted key store.