An Overview of Samsung KNOX Active Directory and Group Policy Features




Centrify White Paper, November 2013

Abstract

Samsung KNOX is a set of business-focused enhancements to the Android mobile environment for selected Samsung mobile devices. One of the most important new enterprise features provided with KNOX is the ability for KNOX devices to be joined, secured and managed by a Microsoft Active Directory infrastructure. An important part of this solution allows KNOX devices to be centrally controlled by Microsoft Group Policy, a technology already in use by most enterprises. These new capabilities, developed by Centrify Corporation, allow IT administrators to centrally manage and secure KNOX devices in the same way that other IT assets are managed. This White Paper provides an overview of the Active Directory and Group Policy features and benefits and describes how these unique capabilities work within the Samsung KNOX environment.

Centrify Corporation
785 N. Mary, Suite 200
Sunnyvale, CA 94085
PHONE: +1 (408) 542-7500 (North America & Worldwide), +44 (0) 1344 317950 (EMEA), (+61) 1300 795 789 (APAC), +55-11-9999-10156 (Latin America)
WEB: www.centrify.com

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, email addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Centrify Corporation. Centrify may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Centrify, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. 2013 Centrify Corporation. All rights reserved. Centrify, DirectAudit, DirectControl and DirectSecure are registered trademarks and DirectAuthorize and DirectManage are trademarks of Centrify Corporation in the United States and other countries. Other brand names used in this document are the trademarks or registered trademarks of their respective companies. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. 2013 CENTRIFY CORPORATION. ALL RIGHTS RESERVED. PAGE II

Contents

Introduction
What is Samsung KNOX?
Background on Centrify
Background on Microsoft Active Directory and Group Policy
The KNOX Active Directory Experience
Samsung KNOX Active Directory and Group Policy Features
Active Directory-based authentication and mobile device / container management
Group Policy-based management
The Samsung KNOX Experience for Active Directory Administrators
What you install on your internal network
Using the Centrify Cloud Service and the Centrify Cloud Manager
Using the Active Directory and Group Policy Console Extensions
The Active Directory Experience for Samsung KNOX Users
MyCentrify web-based user portal
Centrify App
Summary
Where to go for more information
How to Contact Centrify

Introduction

Microsoft Active Directory (AD) and Group Policy technologies provide the IT infrastructure backbone for a vast majority of large organizations around the world. Active Directory is a central database for tracking IT assets such as computers and printers, as well as a directory of organizational users. But AD is more than a database of assets and employees; it is also the authentication and authorization engine that controls which users, groups and devices can access corporate resources.

When a corporate user logs into a device that is joined to one of the company's AD domains, his or her credentials and privileges are first validated by an Active Directory server. Once validated, the user and his or her device are granted access to the corporate network and internal resources such as file shares. If the user leaves the organization, his or her login and access privileges can be instantly revoked so that the user no longer has access to corporate resources. Likewise, if a user moves to a different role within the organization, his or her permissions and access rights are automatically changed by simply moving the user into another functional group.

Group Policy works with and extends Active Directory by allowing IT administrators to enforce policies for users and devices based on roles, groups and other attributes. For example, if you wanted to ensure that a password is always required when sales staff resume their computers from sleep or hibernate mode, you would create the appropriate Group Policy object to do this and push it out to all members of the sales Active Directory group.

The combination of these two technologies has meant that IT administrators can centrally manage devices and users connected to the domain in addition to ensuring that their networks are secured, controlled and monitored.

But there has historically been one shortcoming with Active Directory and Group Policy. Being a Microsoft technology, it is designed to work with Windows-based computers. While Windows is still the dominant desktop operating system for business, other desktop operating systems such as Mac OS X are also widely used. More importantly, workers are increasingly relying on smart phones and tablets when on the job. So that leaves the IT department with a challenge: how do they allow these devices into the enterprise while leveraging the management tools that they already have in place?

Fortunately, IT managers have a way to extend the AD management infrastructure and security controls to non-Windows devices, including some of Samsung's latest mobile devices. Samsung KNOX, Samsung's secure enhancement to the Android operating system, includes full integration with Active Directory and Group Policy. This unique functionality was developed by Centrify Corporation for Samsung. Centrify offers products to extend Active Directory and Group Policy to systems using Mac OS X, UNIX and Linux and mobile devices such as iPads, iPhones and Android devices. And now with Samsung KNOX, Centrify has technologies that are available to all KNOX users to allow KNOX devices to join the Active Directory domain and be centrally secured and managed by an organization.

This paper provides details on how this solution works as well as the benefits of this approach for enterprise device and user management.

What is Samsung KNOX?

Samsung KNOX is a new Android-based solution specifically designed to enhance the security of the open source Android mobile platform. KNOX is not a product or a single feature; instead it is a suite of enhancements for selected Samsung Android devices designed to address the needs of government and enterprise IT managers as well as employees. It is important to note that while many of these features are unique to the Samsung KNOX platform, Samsung has maintained full compatibility with Android and the Google ecosystem so that existing Android applications will continue to work on Samsung KNOX devices.

Central to the KNOX experience is the ability to run corporate IT-approved apps in a secure application container completely isolated from the user's other apps and data on the device. This container can be centrally managed by the IT department while still giving the user the ability to run personal applications in the standard Android environment.

Another major feature of Samsung KNOX is its integration with Microsoft Active Directory, the most popular user and computer identity management system deployed today. These integration capabilities have been developed for Samsung by Centrify Corporation.

[Figure: Samsung KNOX application container concept]

Centrify also developed the ability to deploy and manage Single Sign-On (SSO) enabled applications within KNOX. These applications can be web-based Software-as-a-Service (SaaS) applications such as Salesforce.com or Office 365 or they can be native Android apps that have been modified to work with the KNOX SSO service.

Background on Centrify

Centrify provides Unified Identity Services across data center, cloud and mobile environments resulting in a single login for users and a unified identity infrastructure for IT. Centrify's software and cloud services let organizations securely leverage their existing identity infrastructure to centrally manage authentication, access control, privilege management, policy enforcement and compliance across on-premise and cloud resources. More than 5000 customers have deployed Centrify across millions of computers, applications and mobile devices to increase agility and security. With Centrify, organizations are reducing the costs associated with identity lifecycle management and compliance by over 50%.

Since releasing its initial product in 2005, Centrify has expanded its portfolio from one product to a suite of software and cloud services that span data center, cloud and mobile environments with comprehensive support for over 400 systems and over 2000 applications.

Background on Microsoft Active Directory and Group Policy

Organizations that have large numbers of Windows-based computers typically use Microsoft's server technologies as the underlying IT infrastructure for managing their users and devices. The foundation of Microsoft's infrastructure is Active Directory. Active Directory is essentially a database which stores information about users and devices and is wrapped in services that allow users and devices to join a secure corporate domain, authenticate users when they log in, store preferences and provide other administrative tasks. Active Directory acts as the base for many other management services such as certificate services, rights management, domain services and group policy.

Group Policy enables policy-based administration using Microsoft Active Directory. Group Policy uses directory services and security group membership to provide enforceable rules for users and devices that can be set by the administrator and applied across the corporate network. Policy settings are created using the Microsoft Management Console (MMC) snap-in for Group Policy and can be applied to resources based on rules, membership, roles or globally to all devices and users.

While Active Directory, Group Policy and other Microsoft server-based technologies have been traditionally used to manage Windows-based resources, the services are extensible, thereby allowing companies like Centrify Corporation to create solutions for joining non-Microsoft devices, such as Apple Macs, Linux computers and UNIX servers, to an Active Directory-based corporate IT infrastructure. More recently, Centrify has created solutions to enable mobile devices to join and be managed by the Active Directory system. Samsung has licensed this technology and includes it in its KNOX offerings. Given that Active Directory is used by a majority of enterprises, these capabilities significantly enhance the ability of enterprises to extend device and user management, authentication, and policy-based management to all KNOX-enabled devices.

It is estimated that 95% of Fortune 1000 companies use Active Directory today as their central infrastructure for managing and controlling access for computers and users. Therefore, adding the ability for IT to be able to control mobile devices used by those same users makes total sense. In addition, using the same tools and interfaces that administrators are already familiar with makes this capability even more attractive. Users benefit by having a consistent experience and a single set of login credentials for all resources managed by the enterprise.

The KNOX Active Directory Experience

All Samsung KNOX devices include a license to Centrify's Mobile Device Management software, which includes support for Active Directory and Group Policy. Once the user or organization installs Centrify's software, the KNOX device can then be joined to the AD domain. But in keeping with Samsung's goal of enabling BYOD (Bring Your Own Device) scenarios, the concept goes further by allowing the organization to create a special application container that is joined and managed by AD. This container keeps all business apps and data separate from the user's personal apps and data. This means IT managers can enforce rules for which apps are run in the container and set policies for corporate activities such as accessing a virtual private network. If the user leaves the organization or loses his or her phone, the IT administrator can instantly remove the business application container, lock the device or locate the device. In addition, users have the ability to log into a self-service portal for tasks such as changing their passwords, locking their device or viewing the last known location for their device.

While there are a variety of tools in the mobile app world for doing these types of functions, there is one reason why the Centrify approach stands out above other solutions: all management is done from within the organization's existing Active Directory-based infrastructure. This means no new tools need to be installed or learned. It also means that when a single action is taken by an IT administrator, such as changing a user's role, the action is enforced not only on the user's computers but also on the user's KNOX-based mobile device.

Instead of having one set of tools for managing users and computers and another set for managing users and mobile devices, the Centrify solution allows organizations to extend their existing Active Directory-based tools to allow KNOX devices to be managed in the same way as other corporate computing devices. This means one administration console, one user database, one device database, one access control system, and one set of policies that are enforced across computers and mobile devices. These integration and management capabilities across both computers and mobile devices can substantially reduce complexity and result in huge savings for IT departments.

Samsung KNOX Active Directory and Group Policy Features

Active Directory-based authentication and mobile device / container management

Active Directory is deployed to manage users within an organization and for authenticating users when they log in to a device. The user's profile as well as group memberships are stored in Active Directory, which can be used to control access to different IT resources. For example, if Mary Smith just joined your organization's sales team, the IT administrator would add her to Active Directory, set up her profile information and provide her with a login password. The administrator would also add her to various sales-related security and distribution groups which would allow her to securely access the sales resources of the organization. In addition, computers that Mary uses at work could be joined to Active Directory, ensuring that her devices are authenticated on the corporate network and are managed based on the organization's IT policies.

With Samsung KNOX, Centrify extends Active Directory to Android-based KNOX containers. This means that the container is joined and secured through Active Directory. So, in the example above, Mary's KNOX-enabled mobile device would also be joined to the AD domain. This benefits administrators since they can centrally control all of their users' devices from a single console. If a user leaves an organization, administrators can not only turn off access to the corporate container on the KNOX device, they can delete the container and remove all corporate applications and data. All this happens without impacting the user's personal applications and data that reside outside the corporate container.

Group Policy-based management

In addition to creating and removing containers, administrators also have access to fine-grained management of the KNOX device using Group Policy. As mentioned earlier, Group Policy works within the Active Directory infrastructure to allow managers to create IT policies and have those policies enforced throughout the enterprise. Most IT administrators use Group Policy to manage their computers within the corporate network.

[Figure: Group Policy console with KNOX extensions]

Now with Centrify's technology in KNOX, administrators can manage KNOX containers, control access to containers and enforce corporate or mobile-specific policies within containers. All this happens from within the standard Group Policy console, which means administrators do not have to install different costly tools or learn different techniques for managing their mobile devices.

For example, the administrator can view all end-user devices and drill down to see specific details related to the end user's KNOX device. Policies such as allowing VPN or Wi-Fi access or configuring a firewall can also be pushed to the mobile device. Or the administrator can send a command to the KNOX device to create a secure corporate container and pre-populate that container with approved corporate applications or set up an email account. Policies can also be related to roles. For example, a policy could be set up to grant all sales employees access to the corporate sales portal. There are over 470 policies that can be used with KNOX, which leverage over a thousand management APIs.

The Samsung KNOX Experience for Active Directory Administrators

Samsung KNOX Active Directory support is a complete security and mobile device management solution that is delivered by way of the Centrify Cloud Service. The Centrify Cloud Service provides secure communication from an on-premise computer with Active Directory to the Centrify Cloud Service, which then interacts with the user's mobile device.

The Centrify Cloud Service also facilitates secure SSO and controls access to an organization's web-based applications by acting as a security token service. In addition, SSO-enabled versions of mobile apps can be deployed within the Samsung KNOX container and use the same SSO service for authentication. As a security token service, the Centrify Cloud Service authenticates users to the Centrify user portal with Kerberos, SAML, or an Active Directory user name and password. Once a user unlocks his or her KNOX container, PKI credentials are used to enable strong secondary authentication to the Centrify Cloud Service. A SAML, OAuth or OpenID Connect token is then generated which enables user access to SSO-enabled applications.

The Centrify Cloud Proxy Server is a simple Windows service that runs behind a firewall and provides real-time authentication, policy, and access to user profiles without synchronizing an organization's data to the cloud. Organizations maintain control of their valuable Active Directory data while providing a seamless user experience.

The Centrify Cloud Manager provides a single, easy-to-use tool to administer application access, mobile devices, and user profile changes. This tool can also be used to report on and monitor all web-based and mobile activity. Not only does this improve security and compliance through improved visibility, it also lowers administrative complexity by reducing the number of solutions with different monitoring and reporting interfaces or integrations. Administrators can quickly audit all administrative and user activities.

In the Centrify user portal, a user clicks a simple link to a web-based app and the Centrify Cloud Service logs the user in to the app. The Centrify portal provides multiple self-service options for users to update their Active Directory profiles and remotely administer their mobile devices.

Here's how the main components in the Centrify for Samsung KNOX architecture work together:

[Figure: An overview of the Centrify for Samsung KNOX Architecture]

What you install on your internal network

The Centrify for Samsung KNOX Active Directory-based components require very little in the way of additional software or services in order to function correctly with a KNOX-enabled device and an existing Active Directory installation. The process begins by installing the Centrify Cloud Management Suite in an organization's internal network, and this installs the following items:

Centrify Cloud Proxy Server: The Centrify Cloud Proxy Server is a process that runs on a host computer with internal connections to an Active Directory server and external internet connections. This server manages communications between Active Directory and the Centrify Cloud Service. No changes are required to an existing internal Active Directory environment and Active Directory continues to be used to create and manage users, groups and devices.

Centrify Cloud Proxy Server configuration application: The Centrify Cloud Proxy Server configuration application provides a user interface that configures the Centrify Cloud Proxy Server.

Active Directory Users and Computers console extension: When an organization uses the Centrify Cloud Management Suite for mobile device and container management, an Active Directory console extension is installed which provides additional properties and commands for managing mobile devices. This console extension lets administrators use the existing Active Directory infrastructure and familiar tools to manage mobile users and devices. It adds two tabs to a device's Properties display and a single tab to each mobile user's Properties display. The tabs in the device Properties display mobile device-specific information and applications installed on the device. The user Properties tab lists the devices enrolled by that user. In addition, this extension adds a series of mobile device and Samsung KNOX container commands (for example, lock and unlock the container) that can be sent to one or more devices from the Active Directory Users and Computers console.

Group Policy console extension: Again, when Centrify Cloud Management Suite for mobile device and container management is installed, additional group policies for mobile devices and Samsung KNOX containers are created. This is an Active Directory group policy console extension with a comprehensive set of group policies that can be used to configure and control mobile devices. Familiar tools are used to create group policy objects for the mobile devices. The cloud service then automatically installs the policies on the devices.

NOTE: Neither extension modifies Active Directory; they are both console extensions only.

After the above components have been installed, the Centrify Cloud Manager can be accessed.

Using the Centrify Cloud Service and the Centrify Cloud Manager

The Centrify Cloud Service is a multi-tenanted service that provides secure communication from an on-premise Active Directory environment to mobile devices. The Centrify Cloud Service is hosted in Centrify's secure datacenters throughout the world. Each organization must register with Centrify in order to enable the cloud services that manage communications between the organization's Active Directory environment and managed mobile devices. This communications channel is used for secure user authentication and device management controls such as installing group policies, sending commands to individual or groups of devices, and deploying applications to specific sets of users.

The Centrify Cloud Manager is the Centrify Cloud Service administrator tool. Administrators use Centrify Cloud Manager to configure cloud service settings, deploy applications, manage users and devices and monitor cloud service activities.

The Centrify Cloud Manager is also used to define roles for users and administrators. A tool is provided to allow administrators to create or modify roles. Once a role is created, the administrator can assign Active Directory users and groups to roles as needed.

The Centrify Cloud Manager user interface provides multiple views into an organization's applications, role access and activity, and allows changes to be made.

Use the Apps page to see all the applications that have been added and deployed. An application's settings or user access options can also be modified.

Use the Roles page to add, modify, or delete roles. Active Directory users and groups can be added to roles. Roles can be assigned to applications to control access to those applications.

Use the Users page to view all users who've logged in at least once and to specify login exceptions for specific users and applications.

The Devices page lists all managed KNOX devices. If the Centrify User Suite SaaS Edition has been licensed for other platforms, Android, iOS and Mac devices joined to the domain are also listed.

[Figure: Web-based administrator portal]

The Dashboards provide multiple views into recent application, user, and device activity. In the User Activity view, top users and recently logged-in users can be seen. The Device Activity view displays information about users' mobile device usage. In the App Activity view, an IT administrator can see which applications are getting used the most.

Use the Settings page to check the status of proxy servers and other settings.

The Reports page includes a number of built-in reports for looking at things such as user or device activity, application usage, failed logins, role changes and inactive users. Administrators can also create their own reports using an advanced query system.

Using the Active Directory and Group Policy Console Extensions

Once the Active Directory Users and Computers console extensions have been installed, new objects and functions are made available for use by the administrator. For example, mobile devices that have been enrolled into the Centrify Cloud Service will now show up as authorized managed devices in addition to desktop computers and servers. Administrators can also create or manage KNOX containers and execute other device management tasks. All of this takes place from within the standard Active Directory console. As a result, administrators can immediately be productive since they are using tools and interfaces they are already familiar with.

[Figure: Samsung KNOX devices managed through the standard Active Directory console]

Likewise, the Group Policy console extension adds new functionality related to pushing centrally managed policies to Samsung KNOX devices. A new policy tree called Samsung KNOX Settings is created. From there the administrator can control settings for application management, browsers, email, firewalls, passcodes, VPNs and other functions, as well as set policies for automatic container creation and other KNOX-specific functions. Again, all of this is administered from within the standard Group Policy console environment.

Figure: Group Policy console for managing Samsung KNOX

The Active Directory Experience for Samsung KNOX Users

Samsung KNOX users have two ways to access the Active Directory features included with Centrify for Samsung KNOX.

MyCentrify web-based user portal

Users can access the MyCentrify portal from a browser on any internet-connected device. An Active Directory username and password are required to enter the portal. Two-factor authentication is also available for organizations that want extra security.

This portal can be used for deploying corporate apps and managing devices as well as providing the user with a number of self-service administrative functions, such as changing the user's Active Directory password. Users can also see the properties for all their connected devices, locate a mobile device and perform tasks such as remotely powering off the device or wiping the device should it be lost. Users can also create a KNOX container, which is then registered with the Centrify Cloud Service and Active Directory. Users can also view and edit their Active Directory profiles from the portal.

Figure: Web-based Centrify for Samsung KNOX user portal

Centrify App

Users can download and install the Centrify app, simply called Centrify, from the Google Play store. This app runs in the standard Android environment and is used for:

- enrolling and unenrolling the device in the Centrify Cloud Service and Active Directory
- creating the KNOX container
- establishing the certificate-based trust between the cloud service, the device and the user, which enables the SSO experience
- reviewing and setting up mobile apps and app updates that get installed in the KNOX container
- reviewing and deploying centrally-managed policies, based on Group Policy settings established by the Active Directory administrator, for both the device and the container.

Figure: Centrify app

Summary

Once enrolled, the service then issues PKI Certificates that identify the user and the device to the cloud service. These certificates enable strong mutual authentication of the device to the cloud service for all subsequent communications to ensure that the device is communicating with the trusted security service provider. The Centrify Cloud Service can then both manage the device and the KNOX Container security policies (depending on the Group Policy configuration chosen by the administrator) as well as provide Zero Sign-On services.

This concludes the overview of the Centrify for Samsung KNOX Active Directory-based capabilities. These unique features not only help users to be more productive and secure but also provide IT management with powerful tools for controlling access to corporate IT applications and data. Benefits of the Centrify for Samsung KNOX solution include the following:

- Reduced helpdesk burden: As much as 40% of helpdesk call volume can be related to password or account reset issues. Users lose productivity and IT experiences greater frustration and unnecessary expense. Centrify for Samsung KNOX can quickly lower costs by improving user productivity and reducing account reset calls by as much as 95%.
- Improved security: According to the 2012 Verizon Data Breach Investigations Report, five of the top six attack vectors were focused on users' passwords, accounting for the majority of data breaches. Centrify for Samsung KNOX reduces or eliminates the use of passwords for authenticating to users' applications through the use of Active Directory-enabled secure Single Sign-On. When necessary, administrators can remove access to all applications, data and devices by simply disabling a user's Active Directory account. There are fewer passwords and password storage locations, making the Samsung mobile device more secure.
- Improved IT monitoring and control: Every web and mobile application in use represents yet another silo of identity and access control challenges. By controlling access to SaaS applications through Centrify for Samsung KNOX and centrally authenticating users with their Active Directory identity, administrators gain valuable information about which applications users are using.
- Reduced compliance overhead: With easy and thorough reporting on who in the organization has access to which devices and applications, and what they did with that access privilege, administrators can quickly show compliance with regulations and industry best practices, freeing up expensive IT resources to deliver on projects that are important to corporate prosperity.
- Leveraging of existing infrastructure and skill sets: By providing the industry's tightest mobile device integration with Microsoft Active Directory, organizations can cost-effectively deliver mobile device management that leverages existing technology, skill sets, and processes associated with a corporate Active Directory environment.

Where to go for more information

For more information, please review the documentation and help pages for the various components of the Centrify for Samsung KNOX solution:

- The Centrify for Samsung KNOX Administrator's Guide provides the installation and configuration instructions for two solutions from Centrify that are part of Samsung KNOX.
  o Samsung KNOX Active Directory-based Management: A comprehensive suite that simplifies user authentication, mobile device and Samsung KNOX container management, and application deployment.
  o Samsung KNOX Active Directory-based Single Sign-On: An easy-to-integrate solution that provides seamless authentication for applications opened from within the Samsung KNOX container.
- The Centrify Cloud Manager online help provides task-oriented information for administrators who need to modify applications, manage roles and users, and configure settings in the Centrify Cloud Manager. To open this, click Help from the user name menu in the Centrify Cloud Manager.
- The Centrify Cloud Manager Application Configuration help provides specific details for configuring each kind of application: individual web-based applications for SSO, user-password applications, and mobile applications. To open this, click the Help link from an application in the App Catalog or an Application Settings dialog box.
- The MyCentrify help provides task-oriented information for users to navigate and launch their deployed applications, view their activity, manage their own mobile devices, and specify some Active Directory settings. To open this, click Help from the user name menu in the MyCentrify user portal.

For more information on Samsung KNOX, visit the All Things KNOX Resource Center at: www.allthingsknox.com.

How to Contact Centrify

Worldwide Headquarters
Centrify Corporation
785 N. Mary, Suite 200
Sunnyvale, CA 94085
United States

Product & Sales Information
North America: +1 (408) 542-7500
EMEA: +44 (0) 1344 317950
APAC: +61 1300 795 789
Latin America: +55-11-9999-10156

Phone: +1 (408) 542-7500
Online: www.centrify.com/contact

Centrify also provides device management products for a number of mobile platforms. For more information on these products, visit the Centrify web site or contact a Centrify sales representative.

2013 CENTRIFY CORPORATION. ALL RIGHTS RESERVED.