Android EMM: Configure silent authentication

KACE Cloud allows you to enroll Samsung Knox and Android Zero Touch devices without creating login accounts for your end users, as required.

Android silent authentication uses a certificate that you generate in KACE Cloud to sign the initial enrollment request. KACE Cloud verifies the following information in the signature before proceeding with the enrollment:

  • A valid certificate from KACE Cloud is used to sign the request.
  • The certificate used to sign the request has not expired.
  • The certificate used to sign the request matches the one stored in the customer's database as their Android Identity certificate.

To configure silent authentication for Samsung Knox and Android Zero Touch devices:

  1. Create an Android Identity Certificate in KACE Cloud.
    1. Go to Settings.
    2. In the left-hand panel, choose Android Settings > Identity Certificate.
    3. On the Android Identity Certificate page, click Days before expiry, and select the length of time that you want the certificate to be valid.

    4. Click Create Identity Certificate.

      The Android Identity Certificate page refreshes, displaying details about the newly created certificate, such as its expiry date and the thumbprint.

      At this point you also have and option to delete the certificate, when required, however doing so causes the silent authentication to fail.

  2. Samsung Knox devices only.
    1. In the left-hand panel, choose Android Settings > Samsung Knox Enrollment.
    2. On the Samsung Knox Enrollment page, under Device owner profile settings > step 1, copy the text for MDM Configuration.
    3. In the Samsung Knox portal, in the MDM Configuration section, paste the text you just copied.
    4. In the MDM Configuration text string, set the silent_authentication parameter to true.

    5. Save your changes.

    For more details about configuring device enrollment in the Samsung Knox Portal, see Configuring Samsung Knox device enrollment.

  3. Android Zero Touch devices only.
    1. Create or edit an Android Zero-Touch profile.
    2. Select the Silent Authentication check box.

    For details on creating or editing Android Zero-Touch profiles, see Add new Android Zero-Touch profile.

  4. If silent authentication fails on a device:
    • Re-set the device and try again, or
    • Log in to the KACE Cloud enrollment portal, and enroll the device.

Next steps

  1. Optional. Integrate with automated enrollment providers:
  2. Enroll your Android devices.