Overview

The Samsung Knox Cloud SDK (Cloud SDK) is a tool that allows you to create light mobile device management solutions with heavyweight features.

There are two parts to the Cloud SDK:

  1. REST API – Required for the communication between the MDM console and the device. The REST API remains the same regardless of new JavaScript APIs.
  2. JavaScript APIs – Used to apply policies to devices. The Cloud SDK APIs include all Samsung Knox Standard and Premium APIs. Most flagship Samsung devices are pre-loaded with a lightweight certified app called UMC (Unified MDM Client). UMC downloads an agent that interprets and applies JavaScript policies.

Using Cloud SDK, you can quickly develop an MDM solution without having to worry about Android client app development. There’s no need to test your solution on multiple devices.

Requirements

How it works

Your Cloud SDK-compatible MDM console registers in Samsung Enterprise Gateway (SEG) for device-discovery purposes. When a device enrolls in that MDM, a profile gets created in SEG.

End users can enroll their devices and receive policies via email. There’s no need to download a separate MDM client. Once the device has been enrolled, you can push JavaScript policies via the MDM console. The device enforces these policies without any further work by the MDM; the MDM console is used only as the tool for policy deployment.

JavaScript allows you to embed logic in mobile device management policies. For example, you can specify the conditions that will lead the MDM console to deploy a certain policy.

Core features

Cloud SDK includes more than 1500 Knox APIs from the Knox Standard and Knox Premium SDKs. Using these APIs, a server can control and configure different aspects of a mobile device, depending on the needs of your enterprise.

Some of those features are:

  • Attestation – You can verify that a device hasn’t been rooted and that its firmware hasn’t been corrupted. From a web server, you send an attestation request to a device, and your device-based app sends the TIMA (TrustZone-based Integrity Measurement Architecture) measurements that indicate the status of the device.
  • Knox containers – You can create a secure container to protect corporate apps and data from potential malware outside the container. You can also fully control, manage, and restrict interactions between apps inside and outside the container.
  • App management – Install or remove specific apps on the device.
  • Enterprise billing – You can separate the billing for personal and enterprise data usage. With this feature, employees can bring their own devices to work and use two different APNs to route personal and enterprise data connections.
  • Single Sign-On (SSO) – You can choose the Identity Provider (IdP) used by selected apps inside the secure Knox container. (These whitelisted apps can add SSO authentication through the Generic SSO SDK for ISVs or the Samsung SSO SDK.) Through a generic SSO framework, apps can use a generic API call to authenticate users through one of several supported IdPs.
  • Virtual Private Network (VPN) – You can set up multiple secure VPN tunnels to protect data being sent to and from apps inside the container. You can identify which container apps use which tunnels, and separate the data being sent by apps inside the container from that being sent by apps outside the container. Through a generic VPN framework, apps can set up VPN tunnels using the Cisco or Juniper client.
  • Secure KeyStore – Knox SDKs provide APIs to manage both symmetric and asymmetric keys. These keys are used with a hardware-backed trusted key store.

Next steps...