With the proliferation of personal and enterprise apps on smartphones, remembering multiple username and passwords, and entering them every time you use those apps, becomes cumbersome. Knox solves this problem by providing Single Sign-On (SSO) capabilities, which make it possible to enter a single username and password, for accessing multiple applications. The new Knox 2.0 has enhanced SSO features. It comes with a lot better Single Sign-On experience, not only for the users but also for developers and IT admins. So, what’s new with SSO? Let’s check it out.
- Samsung Knox - Centrify SSO Solution
- Samsung Knox - Samsung SSO Solution
What is in the Samsung SSO Solution?
- SAML 2.0
- HTTP Negotiate using Kerberos
Better experience for users
- Users can now enjoy SSO, not only for SaaS and cloud-based apps but also for web-based intranet apps.
- This enhanced capability brings SSO on Knox-enabled mobile phones closer to a desktop PC experience. Imagine, employees securely accessing a company’s intranet homepage on their mobile phones, checking email, accessing enterprise’s cloud and sharing data – all with just one log-in.
- A user enters an AD username/password on the login screen once and gets smooth login sessions to all other allowlisted apps automatically.
- Until the login sessions expire or the user is asked to authenticate again remotely by IT admin, there is no need to enter username/password again.
Fewer calls to IT Admins
- For SaaS, the solution uses the SAML 2.0 standard and requires the enterprise to host a SAML identity providing server. For enterprises using the AD infrastructure, deploying Active Directory Federation Services (ADFS) will serve the purpose. This solution can also be deployed with any other SAML-based identity federation server and directory services using Kerberos.
- IT admins can allowlist a set of apps installed on the device through an EMM system. Only these allowlisted apps can use SSO and no other app will be trusted by the on-device SSO client.
- Another important feature is that all Windows account and Kerberos policies, such as time synchronization, password expiry, account blocked, lifetime of tickets, etc., applicable to user accounts in AD will be applicable on mobile phone also.
- There is no cloud component or any third-party server involved other than mobile device and AD infrastructure in the enterprise’s premises.
- The SSO can use the per-app VPNs provided by the Knox platform for securely connecting to an enterprise’s AD and ADFS.
- Nowhere in the process is a password sent over the network or stored on a device.
Opportunity for developers
- If you want seamless SSO for your intranet apps, you can use APIs provided in the Knox 2.0 SDK to integrate with the Samsung SSO solution. Imagine employees securely opening enterprise’s intranet services on the mobile devices with an experience very similar to that of desktop PCs.
- For cloud-based applications and SaaS such as Salesforce, Dropbox or Office 365, which offer SAML-based SSO, SAML 2.0 based APIs have been provided in the Knox SDK.
- Developers can choose any one of the above two methods depending on the service provider.