Product Documentation

Samsung MDM license key device policies

Feb 13, 2015

XenMobile supports and extends both Samsung for Enterprise (SAFE) and Samsung KNOX policies. SAFE is a family of solutions that provides security and feature enhancements for business use through integration with mobile device management solutions. Samsung KNOX is a solution within the SAFE program that provides a more secure Android platform for enterprise use.

You must enable the SAFE APIs by deploying the built-in Samsung Enterprise License Management (ELM) key to a device before you can deploy SAFE policies and restrictions. To enable the Samsung KNOX API, you also need to purchase a Samsung KNOX license using the Samsung KNOX License Management System (KLMS) in addition to deploying the Samsung ELM key. The Samsung KLMS provisions valid licenses to mobile device management solutions to enable them to activate Samsung KNOX APIS on mobile devices. These licenses must be obtained form Samsung and are not provided by Citrix.

You must deploy Worx Home along with the Samsung ELM key to enable the SAFE and Samsung KNOX APIs. You can verify that the SAFE APIs are enabled by checking the device properties. When the Samsung ELM key is deployed, the Samsung MDM API available setting is set to True.

  1. In the XenMobile console, click Configure > Device Policies. The Device Policies page appears.


    Select device policies

  2. Click Add to add a new policy. The Add New Policy dialog appears.


    Select Samsung MDM licence key policy

  3. Click More and then under Security, click Samsung MDM Licence Key. The Samsung MDM Licence Key Policy information page appears.


    Samsung MDM license key policy page

  4. In the Policy Information pane, enter the following information:
    1. Policy Name: Type a descriptive name for the policy.
    2. Description: Type an optional description of the policy.
  5. Click Next. The Policy Platforms page appears.
    Note: When the Policy Platforms page appears, both platforms are selected and you see the Samsung SAFE platform configuration panel first.

    Samsung SAFE policy information page

  6. Under Platforms, choose the Samsung platforms for which you want to create this policy. Clear any other platform that may be selected that you don't want to include in this policy.

    • If you chose Samsung SAFE, for ELM license key, enter the macro ${elm.license.key} to generate the ELM license key. The field should already contain the macro:


      Samsung SAFE MDM license key platform information page

    • If you chose Samsung KNOX, for KNOX license key, enter the 25-digit KNOX license key:


      Samsung KNOX MDM license key device policy page

  7. Expand Deployment Rules and then configure the following settings: The Base tab appears by default.


    Deployment rules

    1. In the lists, click options to determine when the policy should be deployed.
      1. You can choose to deploy the policy when all conditions are met or when any conditions are met. The default option is All.
      2. Click New Rule to define the conditions.
      3. In the lists, click the conditions, such as Device ownership and BYOD, as shown in the preceding figure.
      4. Click New Rule again if you want to add more conditions. You can add as many conditions as you would like.
    2. Click the Advanced tab to combine the rules with Boolean options.


      Advanced deployment rules with base rules

      The conditions you chose on the Base tab appear.
    3. You can use more advanced Boolean logic to combine, edit, or add rules.
      1. Click AND, OR, or NOT.
      2. In the lists that appear, choose the conditions that you want to add to the rule and then click the Plus sign (+) on the right-hand side to add the condition to the rule.

        At any time, you can click to select a condition and then click EDIT to change the condition or Delete to remove the condition.

      3. Click New Rule again if you want to add more conditions.

        In this example, the device ownership must be BYOD, the device local encryption must be True, and the device mobile country code cannot be only Andorra.

        Advanced deployment rules complete

  8. Click Next. The Samsung MDM License Key Policy page appears.
  9. Next to Choose delivery groups, type to find a delivery group or select a group or groups in the list to which you want to assign the policy. The groups you select appear in the right-hand Delivery groups to receive app assignment list.


    Policy assignment page

  10. Expand Deployment Schedule and then configure the following settings:
    1. Next to Deploy, click ON to schedule deployment or click OFF to prevent deployment. The default option is ON. If you choose OFF, no other options need to be configured.
    2. Next to Deployment schedule, click Now or Later. The default option is Now.
    3. If you click Later, click the calendar icon and then select the date and time for deployment.
    4. Next to Deployment condition, click On every connection or click Only when previous deployment has failed. The default option is On every connection.
    5. Next to Deploy for always-on connection, click ON or OFF. The default option is OFF.
      Note: This option applies when you have configured the scheduling background deployment key in Settings > Server Properties. The always-on option is not available for iOS devices.
    Note: The deployment schedule you configure is the same for all platforms. Any changes you make apply to all platforms, except for Deploy for always on connection, which does not apply to iOS.


    Deployment schedule

  11. Click Save to save the policy.