Samsung KNOX EMM Authentication Services. SDK Quick Start Guide



Similar documents
Centrify Mobile Authentication Services for Samsung KNOX

Centrify Mobile Authentication Services

An Overview of Samsung KNOX Active Directory-based Single Sign-On

Centrify Cloud Management Suite

An Overview of Samsung KNOX Active Directory and Group Policy Features

Using NetIQ's Implementation of NetFlow to Solve Customer's Problems Lecture Manual

NetIQ Aegis Adapter for Databases

Integration With Third Party SIEM Solutions

AVG Business SSO Partner Getting Started Guide

Configuring SuccessFactors

Using the Message Releasing Features of MailMarshal SMTP Technical White Paper October 15, 2003

SP-initiated SSO for Smartsheet is automatically enabled when the SAML feature is activated.

Configuring. SugarCRM. Chapter 121

Connected Data. Connected Data requirements for SSO

MailMarshal SMTP in a Load Balanced Array of Servers Technical White Paper September 29, 2003

WebTrends 7 Backup and Restore for MySQL Databases

NetIQ Identity Manager Setup Guide

McAfee Cloud Single Sign On

Advanced Configuration Steps

Copyright 2013, 3CX Ltd.

NetIQ Privileged User Manager

NetIQ Aegis Adapter for VMware vcenter Server

Mobile Device Management Version 8. Last updated:

Dell One Identity Cloud Access Manager How to Develop OpenID Connect Apps

CA Nimsoft Service Desk

Configuring. SuccessFactors. Chapter 67

Configuring Salesforce

NetIQ Directory and Resource Administrator NetIQ Exchange Administrator. Installation Guide

Common Driver Administration Guide. Identity Manager 4.0.2

Setup Guide Access Manager 3.2 SP3

Creating a generic user-password application profile

Identity as a Service Powered by NetIQ Solution Overview Guide

NetIQ AppManager for Self Monitoring UNIX and Linux Servers (AMHealthUNIX) Management Guide

McAfee Cloud Identity Manager

DualShield SAML & SSO. Integration Guide. Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.

NetIQ Identity Manager Identity Reporting Module Guide

SAP NetWeaver Fiori. For more information, see "Creating and enabling a trusted provider for Centrify" on page

Identity as a Service Powered by NetIQ Privileged Account Manager Service Installation and Configuration Guide

An overview of configuring Intacct for single sign-on. To configure the Intacct application for single-sign on (an overview)

Copyright

Configuring Single Sign-On from the VMware Identity Manager Service to Office 365

Configuring Parature Self-Service Portal

Configuring on-premise Sharepoint server SSO

Dell One Identity Cloud Access Manager How to Configure Microsoft Office 365

NetIQ Identity Manager

NetIQ SecureLogin includes new features, improves usability, and resolves several previous issues.

Google Apps Deployment Guide

Product Manual. MDM On Premise Installation Version 8.1. Last Updated: 06/07/15

Access Gateway Guide Access Manager 4.0 SP1

Dell One Identity Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

For details about using automatic user provisioning with Salesforce, see Configuring user provisioning for Salesforce.

User Guide Novell iprint 1.1 March 2015

Egnyte Single Sign-On (SSO) Installation for OneLogin

CA Performance Center

Configuring Single Sign-on from the VMware Identity Manager Service to WebEx

DIGIPASS as a Service. Google Apps Integration

Remote Desktop Solution, (RDS), replacing CITRIX Home Access

Administration Guide. SecureLogin 8.0. October, 2013

NetIQ Identity Manager

Abila Nonprofit Online. Connection Guide

UP L18 Enhanced MDM and Updated Protection Hands-On Lab

Microsoft Office 365 Using SAML Integration Guide

Citrix and Terminal Services Guide SecureLogin 8.1

Sophos Mobile Control SaaS startup guide. Product version: 6

CA Spectrum and CA Embedded Entitlements Manager

NetIQ Identity Manager

Defender Token Deployment System Quick Start Guide

Sophos Mobile Control Startup guide. Product version: 3.5

Cloud Services MDM. ios User Guide

How To Configure A Windows 8.1 On A Windows (Windows) With A Powerpoint (Windows 8) On A Blackberry) On An Ipad Or Ipad (Windows 7) On Your Blackberry Or Black

Employee Active Directory Self-Service Quick Setup Guide

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

Sophos Mobile Control Startup guide. Product version: 3

HOTPin Integration Guide: Google Apps with Active Directory Federated Services

SAML single sign-on configuration overview

MaaS360 Cloud Extender

Omniquad Exchange Archiving

RSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide

Comodo Mobile Device Manager Software Version 1.0

Enterprise Self Service Quick start Guide

NetIQ Access Manager. Developer Kit 3.2. May 2012

Integration Overview. Web Services and Single Sign On

An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)

MaaS360 On-Premises Cloud Extender

Building Secure Applications. James Tedrick

Reporting Guide NetIQ Reporting Center

Configuring IBM Cognos Controller 8 to use Single Sign- On

Sophos Mobile Control Technical guide

Setting Up Resources in VMware Identity Manager

User Guide Secure Configuration Manager

User Self-Service Configuration Overview

Configuring. Moodle. Chapter 82

Identity Server Guide Access Manager 4.0

Sophos Mobile Control user help. Product version: 6.1

HOTPin Integration Guide: Salesforce SSO with Active Directory Federated Services

Transcription:

Samsung KNOX EMM Authentication Services SDK Quick Start Guide June 2014

Legal notice This document and the software described in this document are furnished under and are subject to the terms of a license agreement or a non-disclosure agreement. Except as expressly set forth in such license agreement or non-disclosure agreement, Samsung Electronics, Co., Ltd. provides this document and the software described in this document as is without warranty of any kind, either express or implied, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. Some states do not allow disclaimers of express or implied warranties in certain transactions; therefore, this statement may not apply to you. This document and the software described in this document may not be lent, sold, or given away without the prior written permission of Samsung Electronics, Co., Ltd., except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of Samsung Electronics, Co., Ltd. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data. This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. Samsung Electronics, Co., Ltd. may make improvements in or changes to the software described in this document at any time. 1995-2014 SAMSUNG All rights reserved. Portions of Samsung KNOX are derived from third party or open source software. Copyright and legal notices for these sources are listed separately in the Acknowledgements.txt file included with the software. U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-dod acquisitions), the government s rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement. Samsung KNOX is a trademark of Samsung Electronics, Co., Ltd. in the United States and other countries. Microsoft, Active Directory, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and other countries. Android and Google Play are trademarks of Google Inc. ARM and TrustZone are registered trademarks of ARM Ltd. or its subsidiaries. ios is a trademark of Apple Inc., registered in the U.S. and other countries. Microsoft Azure and Microsoft Active Directory are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of any other companies and products mentioned in this document may be the trademarks or registered trademarks of their respective owners. Unless otherwise noted, all of the names used as examples of companies, organizations, domain names, people and events herein are fictitious. No association with any real company, organization, domain name, person, or event is intended or should be inferred.

Contents Chapter 1 Introduction 3> KNOX EMM SSO enhances the user s experience and improves security.......... 3 Use the KNOX EMM Authentication Services API to add SSO to mobile applications.......................................................... 4 Chapter 2 Developing with the KNOX EMM Authentication Services API 7> Contents of the KNOX EMM Authentication Services SDK package............. 7 Prepare for development................................................ 8 Install and run the demo applications....................................... 9 Create a SAML application profile in KNOX EMM Admin Portal.............. 11 Use the sample project to write your application............................. 12 Prepare your application for use in a Samsung KNOX container................ 12 Contact us........................................................... 13 2

Chapter 1 Introduction Samsung KNOX Active Directory-based single sign-on is a set of services that run on a KNOX-enabled mobile device and remote systems that integrate and communicate with an Active Directory infrastructure. This single sign-on solution addresses password proliferation by providing users with a single sign-on while also giving organizations centralized control over access to web-based and mobile applications. Users not only enjoy single sign-on but also self-service features that let them locate, lock, or wipe their mobile devices and reset their Active Directory passwords. Samsung Cloud Service delivers access control and visibility to application use in addition to seamless integration with Microsoft Active Directory. Samsung KNOX Active Directory-based single sign-on decreases the cost of rolling out and managing web-based and mobile applications while improving user adoption, satisfaction, security, and productivity. KNOX EMM SSO enhances the user s experience and improves security Employees of a large organization typically have to use several web-based and mobile applications on a daily basis, such as file-sharing applications, business-networking applications, e-mail, and so forth. Whether they access the applications through a web browser or through applications on a mobile device, they normally have to provide a username and password for each application, each time they open the application. Because it s difficult to remember a large number of passwords, users often use one or a small set of passwords for all the applications they need to use. If one of those applications has a security vulnerability and a user s password is compromised, a malicious hacker might gain access to all of the employee s data in all of the applications that employee uses. Samsung Cloud Service provides authentication using industry-standard certificate-based security and the organization s Active Directory service. For SSO applications, the organization provides users with the KNOX EMM User Portal through which they can access all the applications with which the organization has an account. The user logs in once with his or her Active Directory credentials to gain access to all the SSO applications that use Security Assertion Markup Language (SAML) protocol to authenticate users. For mobile applications in Samsung KNOX, a similar situation applies: once the user has logged in to the KNOX container, he or she has access to every SSO application in the container. Most such mobile applications have a web service providing data in the background, and the SSO extends to the web service without any additional credentials from the user. 3

Use the KNOX EMM Authentication Services API to add SSO to mobile applications Use the KNOX EMM Authentication Services API to add SSO to mobile applications Mobile applications can use the Samsung KNOX EMM Mobile Authentication Services API to authenticate with Samsung Cloud Service. On a device the supports Samsung KNOX, the user installs Samsung KNOX EMM to obtain access to Samsung Cloud Service. When a user enrolls their device in Samsung Cloud Service, the user provides Active Directory credentials, joining the device to the corporate Active Directory domain. Providing the mobile device management (MDM) provider has enabled mobile container management (MCM) capabilities, the MDM installs and enables a Samsung KNOX container on the device. The Samsung KNOX container establishes a certificate-based trust relationship with Samsung Cloud Service. Based on that trust, Samsung Cloud Service authenticates the user of the device, validates that the user has a current Active Directory account, and looks up the user s roles to determine which applications the user is allowed to run. The user experience can be described as zero signon since, after initial enrollment, the user is never required to enter credentials. Samsung Cloud Service and the KNOX EMM Authentication Services APIs use SAML to authenticate users. The authentication token returned by Samsung Cloud Service to the application is a SAML response. However, because the KNOX EMM Authentication Services APIs take care of validating and parsing the token, you do not need to know anything about SAML to implement SSO using the KNOX EMM Authentication Services APIs. The KNOX EMM Authentication Services APIs provide general information about the user read by Samsung Cloud Service from the user s Active Directory entry, such as the login user name, the user s address and telephone number, and their e-mail address. If you need other attributes from Active Directory, you can add them to the authentication token using an application-specific SAML script run by Samsung Cloud Service when the user first opens the mobile application. The script is created by the administrator when configuring the Generic SAML template in KNOX EMM Admin Portal for the application. For instructions on using the Generic SAML template, refer to Samsung KNOX EMM Authentication Services SDK Implementation Guide. When the login sequence is initiated by the user opening a mobile application in a Samsung KNOX container, the sequence of events is shown in the following figure. Chapter 1 Introduction 4

Use the KNOX EMM Authentication Services API to add SSO to mobile applications In the Samsung KNOX container, users see the applications they are authorized to use. Clicking on any SSO application in the container immediately opens the application. User authentication is invisible to the user, and is handled by interaction between the application (which calls the Samsung MAS API) and the KNOX SSO service (which communicates with Samsung Cloud Service as necessary). 1 The user logs into the KNOX container and opens the application. The application requests authentication information using the Samsung MAS API. 2 This information might be cached, but if the cached information has expired, the KNOX container contacts Samsung Cloud Service to obtain it using the certificate-based trust relationship set up earlier. In either case, the process is invisible to the user. 3 The Samsung KNOX container returns authentication information to the application, including the authentication token if requested. Note In order for Samsung Cloud Service to generate an authentication token, an administrator must use KNOX EMM Admin Portal to create and configure an application-specific SAML application profile and script. For instructions on configuring a SAML application profile, refer to Creating a SAML application profile in Samsung KNOX EMM Authentication Services SDK Implementation Guide. 4 The application passes the authentication token to its web service and requests userspecific data. 5 The application s web service uses the token to authenticate the user and returns the user s data for the application to display. The user can now use the mobile application. SDK Quick Start Guide 5

Chapter 2 Developing with the KNOX EMM Authentication Services API This guide shows you how to quickly start development with the Samsung KNOX EMM Authentication Service API to create a mobile application designed to run inside a Samsung KNOX application container. The KNOX EMM Authentication Services API is specifically designed to provide singlesign-on (SSO) capabilities to applications running in a Samsung KNOX container. The Samsung KNOX container authenticates the user through Samsung Cloud Services and, after that, the user does not need to provide credentials in order to use any of the SSO applications in the container. Refer to Samsung KNOX EMM Mobile Authentication Services SDK Implementation Guide to understand the roles of the KNOX EMM Authentication Services API, Samsung Cloud Service, the KNOX container, mobile applications, and SSO applications. Contents of the KNOX EMM Authentication Services SDK package The Samsung MAS SDK is packaged in the Samsung-KNOX folder in the centrify-cloud- SDK-for-Samsung-KNOX zip file along with the SAML SDK, this document, release notes, and an end-user license agreement. See the ReadMe file included in the Samsung-KNOX folder for an up-to-date enumeration of the files in the SDK. As of the time of this writing, the SDK package contains two folders and several files. The contents of the Samsung-KNOX folder are: Centrify-SSO-<buildnum>-Station-Samsung-MDM.apk: The SSO service application. You need to install this first on your Android mobile device. This application is used only for development and testing; it provides the SSO interface with Samsung Cloud Services that is provided by the Samsung KNOX container in an actual deployment. samsungsafeauth.jar: The library of classes and methods you need in order to compile and integrate your code. SamsungSSOManager.apk: The SSO manager app that you use to provision and manage the SSO service on a development and test system. On a deployed system, this application is replaced by the mobile device management (MDM) solution, such as KNOX EMM WebApps, that you are using. ReadMe.txt: A text file listing the contents of the package with up-to-date information about the installation and use of the package. 7

Prepare for development javadoc: A folder containing Javadoc documentation for the API. Samsung KNOX EMM Mobile Authentication Services SDK Implementation Guide also has documentation for the API; see the chapter Mobile Authentication Service for Samsung Reference. samples: A folder containing the following files: SamsungSSODemo1.apk: A demo app. SamsungSSODemo2.apk: A demo app. SamsungSSOSalesDemo.apk: A demo app. SamsungSSODemo1.zip: Source code for SamsungSSODemo1.apk. Prepare for development 1 Go to https://www.samsungknox.com/register and follow all the steps to register for Samsung Cloud Service and install the Samsung KNOX EMM Cloud Proxy Server. When you register, Samsung Cloud Service displays a window with a customer ID and proxy activation code. Make a note of the ID and copy the activation code to your clipboard. 2 Connect Active Directory to Samsung Cloud Service; either: a Install the proxy and connect it to your Active Directory environment using the configuration wizard. b Request a test bed from Samsung KNOX EMM Support (https://eem.samsungknox.com). You will need the following information: Company name Company URL Contact name Contact e-mail address Contact phone number Customer ID you received when you registered (step 1, above) Proxy activation code you received when you registered (step 1, above) When the test bed is ready, you will receive an e-mail with access information and instructions, after which you can continue with the rest of the steps, below. 3 Open Samsung KNOX EMM Admin Portal at https://emm.samsungknox.com/ manage. You need the sdkdemo test application in Admin Portal (necessary for the sample applications SamsungSSODemo1, SamsungSSODemo2, and SamsungSSOSalesDemo to work): a Click Add App. b Search for the sdkdemo application in the Select Applications dialog, select it and click Add Apps. Chapter 2 Developing with the KNOX EMM Authentication Services API 8

Install and run the demo applications c Follow the directions in the online help to configure the application. Install and run the demo applications The demo apps can be tested on any mobile device running Android 2.3 or later. 1 Install Centrify-SSO-<buildnum>-Station-Samsung-MDM.apk, SamsungSSOManager.apk, and any number of the sample applications on the Android device. Note Android program (apk) files can be installed on both devices and emulators using adb tools, which are part of the Android SDK. For more details, refer to http:// developer.android.com/sdk/index.html. 2 Launch the SSO Manager app, enter the customer ID you were assigned into the Customer ID text field, and press Set: Figure 1. Start up SSO Manager 3 Use Samsung SSO Manager to whitelist the sample applications that you want to test. Press the Get and then the Toggle button for each of the following applications: Demo1: com.centrify.sso.demo1 Demo2: com.centrify.sso.demo2 SalesDemo: com.centrify.sso.salesdemo Note When you install Samsung KNOX EMM, you use Active Directory group policies to whitelist group policies. See Admin Portal online help or Samsung KNOX Enterprise Mobility SDK Quick Start Guide 9

Install and run the demo applications Management SSO Installation and Configuration Guide for an overview of Samsung KNOX group policies. Figure 2. SSO Manager whitelist 4 Click the Launch Mobile Manager button. 5 Under Settings, make sure the login URL is set to https://emm.samsungknox.com and click Enable Debug Mode. Figure 3. Setting the login URL Chapter 2 Developing with the KNOX EMM Authentication Services API 10

Create a SAML application profile in KNOX EMM Admin Portal 6 Log in with the Active Directory credentials you set up earlier. 7 Launch any of the sample applications. 8 Close the sample application and reopen it or open another one. You should not have to enter credentials again. Create a SAML application profile in KNOX EMM Admin Portal You need to add an application profile for your mobile application so that it will appear in the list of available applications in KNOX EMM User Portal. In addition, you need to add a SAML application profile for your back-end SSO application so that Samsung Cloud Services can generate the authentication token needed by the SAML interface. 1 Open KNOX EMM Admin Portal and click Add App on the Apps page. 2 Enter Android in the search field. Select the Android InHouse template, and click Add App. 3 Click Edit and enter a name, description, and icon for your mobile application. Click Save. 4 Click Add App and enter Generic in the search field. Select the Generic SAML template and click Add App. 5 Follow the online help instructions and the instructions in the chapter Creating a SAML application profile of the Samsung KNOX EMM Mobile Authentication Services SDK Implementation Guide to fill in the template for the back-end web service that works with your mobile application. Use the sample project to write your application 1 Open the source code for SamsungSSODemo1. 2 Find the getsecuritytoken call. This method retrieves the authentication token for the application. For example: try { samltoken = entauth.getsecuritytoken("sdkdemo", false, SalesRecordsActivity.this); if (samltoken == null samltoken.length() == 0) { Toast.makeText(SalesRecordsActivity.this, "No saml token found", Toast.LENGTH_SHORT).show(); return null; } Notice that, in the sample application, the application name passed to the getsecuritytoken method is "sdkdemo". This call will work only if you have an application named sdkdemo in KNOX EMM Admin Portal created using the Generic SDK Quick Start Guide 11

Prepare your application for use in a Samsung KNOX container SAML template. The SAML script specified in the Generic SAML template is used to generate the token. Note The three demo apps SamsungSSODemo1, SamsungSSODemo2, and SamsungSSOSalesDemo all call getsecuritytoken with an app name of "sdkdemo". 3 Write your application using the Samsung MAS Android API to authenticate the user and parse the authentication token. Be sure that your call to getsecuritytoken uses the same application name as you used in your Generic SAML template for your web service. Note You will need to get some parameter values for the methods in the API from Cloud Manager. See the API descriptions in the chapter Mobile Authentication Service for Samsung Reference of the Samsung KNOX EMM Mobile Authentication Services SDK Implementation Guide for details. Prepare your application for use in a Samsung KNOX container 1 Test your mobile application for SSO. 2 If you wish to make the application available on the Samsung KNOX App Store, please submit it to Samsung (https://eem.samsungknox.com). 3 Provide the following information to Samsung so that Samsung can perform quality assurance testing and can include the application in the Samsung KNOX EMM Application catalog: Any configuration of the SAML template in Samsung KNOX EMM Admin Portal needed to support your SAML interface; for example, the contents of the URL and Issuer URL fields and the script from the Advanced tab. At least one test account credential for the service that you have enabled for SSO. Contact us If you have any questions, comments, or feedback, please visit: https//samsungknox.com/support. Chapter 2 Developing with the KNOX EMM Authentication Services API 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information