Introducing Centrify for Samsung KNOX

Last week we announced an expansion of our partnership with Samsung and the general availability of our Centrify for Samsung KNOX solution that delivers “Zero Sign-On” to web and rich Mobile applications within Samsung KNOX as well as provides Active Directory-based container and device management. In this blog post I want to provide a bit more color commentary on what is Samsung KNOX and what is the solution that Centrify provides that comes standard with KNOX.

So what is Samsung KNOX you may ask? Samsung KNOX is a new Android-based solution specifically designed to enhance the security of the open source Android platform. KNOX is not a product or a single feature; instead it is a suite of enhancements for popular Samsung Android devices designed to address the needs of government and enterprise IT managers as well as employees. It is important to note that while many of these features are unique to the Samsung KNOX platform, Samsung has maintained full compatibility with Android and the Google ecosystem so that existing Android applications will continue to work on Samsung KNOX devices. In effect it provides a multi-layer approach to mobile OS security as shown in the diagram below.

Multi-layered approach to OS Security - Samsung KNOX

Central to the KNOX experience is the ability to run corporate IT-approved apps in a secure application container completely isolated from the user’s other apps and data on the device. This container can be centrally managed by the IT department while still giving the user the ability to run personal applications in the standard Android environment. Think of it as a means to separate work and play, i.e. business and personal as shown below.

Example of Separation of Work and Play - Samsung KNOX

Again remember with this container technology that data sharing, apps, files, etc. that the network is completely isolated (as shown below), and IT can apply policies to allow remote IT configuration and management.

KNOX Container inside Android Framework

If you want more information on Samsung KNOX, you can check out OR also check out (a resource site brought to you by Centrify). I also created a video called Introduction to Samsung KNOX. Or you can cut to the chase and click here to Try or Buy Samsung KNOX. Samsung KNOX is starting to roll out as over the air updates on Galaxy S4 and is already on the new Galaxy Note 3 and Note 10.1 (2014 Edition) devices from Samsung.

So what is the “Centrify for Samsung KNOX” solution? Well, as part of our OEM relationship with Samsung, Centrify for Samsung KNOX delivers Active Directory-based single sign-on, mobile container management and device management for Samsung KNOX-enabled devices and is available as standard features with the KNOX platform. End users enjoy the improved productivity benefits of “Zero Sign-On” access to rich mobile apps and cloud-based SaaS apps while IT can easily manage KNOX containers and the underlying devices using an infrastructure they already own — Active Directory. Centrify for Samsung KNOX is delivered as a cloud service that is up and running in minutes, resulting in Samsung KNOX not only delivering world-class mobile security but also seamless enterprise integration.

Centrify for Samsung KNOX

Key features from my perspective of Centrify for Samsung KNOX include:

  • Mobile Single Sign-On: Improves end user productivity by delivering mobile single sign-on while also reducing the risk of weak passwords that are commonly shared across multiple SaaS applications by delivering token-based authentication for both native mobile apps and web applications. Because there is no actual signing on, we call it “Zero Sign-on.”
  • Management of Samsung KNOX Containers: Provides a cloud-based management solution for installing, configuring and managing Samsung KNOX containers.
  • Mobile Device and Application Management: Delivers a secure cloud-based platform for IT administrators to manage, report on and apply policies to their devices running Samsung KNOX as well deliver management of mobile applications both inside and outside the KNOX container.
  • Integration with Microsoft Active Directory: Enables IT administrators to manage their Samsung KNOX devices with the Active Directory tools they are used to using for managing Microsoft Windows systems.
  • Self-service capabilities for users: Enables users to manage their own devices with a cloud based self-service portal giving them the ability to lock, wipe or locate their Samsung KNOX device and deploy business and personal applications to the device and or the Samsung KNOX container.
  • Extensible to other platforms: Lets you upgrade to the Centrify User Suite to get the same robust mobile single sign-on and device management capabilities for non-Samsung KNOX devices that use iOS, Android and Mac OS X.

And remember, Centrify for Samsung KNOX comes standard with KNOX itself, so if you buy Samsung KNOX, you get these Centrify-supplied capabilities as features of KNOX. In my next blog posts I will talk in a bit more detail about Mobile Zero Sign-On leveraging AD credentials and role-based authorization you get with Centrify for Samsung KNOX, as well as the Active Directory-based KNOX container/device management using Group Policy.