Configuring the Check Point Mobile Security Dashboard Integration Settings

Assign the app to the selected groups of users or devices.

Note - For easy reference during configuration, you can record your settings in the special table, see Integration Information.

Prerequisites

You need these details from your Samsung Knox Manage Deployment:

• Server - The URL of your Samsung Knox Manage Cloud Server.
  Example: URL = https://ap01.manage.samsungknox.com

• Client ID - API Client ID. See Creating an API Client
  

• Tenant ID
  

• Client Secret: The password of the API Client.

  These are the Admin credentials that the Mobile Security dashboard uses to connect to the UEM Unified Endpoint Management. An architecture and approach that controls different types of devices such as computers, smartphones and IoT devices from a centralized command point..

Mobile Security dashboard uses group in order to synchronize to Samsung Knox Manage, at least one group of the following:

• User / Device Group(s):

  This is the Samsung Knox Manage locally defined groups where the devices are members, and whose devices will be integrated with the Mobile Security dashboard. Multiple groups can be integrated with the one Mobile Security dashboard instance by selecting them

  Example: User Group = H

Note - Before you start, delete any existing devices in the Mobile Security dashboard. Only the devices are synchronized from the UEM to the Mobile Security dashboard, not users.

Configuring Integration Settings

After you complete the necessary steps, the Device Management pane shows the detailed status of the settings.

Procedure

1. From the Infinity Portal, go to Settings > Integrations.

2. Click the “+” icon.

   Example:

   

3. Select UEMs.

   

4. In UEM Service, select Samsung Knox Manage, and click Next.

   

• Server Setup

  Configure your UEM to integrate with the created Samsung Knox Manage devices:

  1. In Server Details section, enter this information:

     • Server Address - The URL of the Samsung server (e.g https://.manage.samsungknox.com)

• Client ID – Including your knox tenant ID (<Client ID>@<Tenant ID>)

• Client Secret – the password of the Client API

  Example:

  

2. Click Verify and Next.
   

• Synchronization Configuration

  Configure the devices and groups that you synchronize with Mobile Security dashboard.

  1. In the Groups field:

     1. Click Select Groups.

        A drop-down with list of the available groups opens.

     2. Select the group(s) you need for integration with Samsung Knox Manage.

        Example:

        

2. In the Android Enterprise Groups field:

   In case your Android Enterprise devices are deployed with two profiles (Work and Personal) it is recommended to protect both of them. Select the appropriate groups for deployed applications as part of the Samsung Knox Manage Android Enterprise deployment.. See Using Android Enterprise with Mobile Security.

   

3. In the Advanced section:

   Import Personally Identifiable Information (PII) and set the synchronization intervals.

   You can limit the import of the PII devices (users) to Mobile Security.

   Example:

   

4. Click Verify and Next.

Note - If all entries are OFF, the placeholder information set for the email address is placed in the Mobile Security dashboard’s Device Owner’s Email, in form of "UEMDevice UDID@vendor.UEM".

Setting	Description	Value
Device sync interval	Interval to connect with UEM to sync devices.	30-1440 minutes, in 30 minute intervals.
Device deletion threshold	Percentage of devices allowed for deletion after UEM device sync (in %)	0-100% Note - Use 100% for no threshold. 100% value is recommended for: Evaluation/test usage - When you are adding a small amount of devices. Planned bulk deletion of devices from the UEM (see sk184319). After the devices are deleted from the Mobile Security Admin Portal, set it back to a safer value (such as 5–10%) to prevent accidental mass deletions in the future.
Device deletion after	Delay device deletion after several sync attempts – device is deleted after this amount of sync tries that confirmed deletion	1-100 sync tries
App sync interval	Interval to connect with UEM to sync applications.	10-1440 minutes, in 10 minute intervals.

• Tagging Configuration

  Specify the information sent to Samsung Knox Manage and the risk level of the device.

  The tagging configuration will be synced to Samsung Knox Manage and will be used in setting device risk status.

  1. In Tagging Section:

     Set Tag device status to ON.

     For integration with Samsung Knox Manage, the Device Status tag is represented as a Device Groups that would be created automatically as "CHKP_Status_Provisioned", "CHKP_Status_Active",  "CHKP_Status_Inactive".

     We will use the CHKP_Status device groups to determine when to prompt the user to install the Harmony Mobile Protect app on their device. If the CHKP_Status device property hasn’t been set yet, then the device has not been synced with Mobile Security dashboard.

  2. Set Tag device risk to ON.

     For integration with Samsung Knox Manage, the Device Risk tag is represented as a Device Groups that would be created automatically as "CHKP_Risk_None", " CHKP_Risk_Low", “CHKP_Risk_Medium”, “CHKP_Risk_high”
     
     We will use the CHKP_Risk device groups to determine when to enact certain policies or actions on the device. If the CHKP_Risk is High or Medium, then the device will be sent an in-app notification and blocked from running corporate apps.

  3. Set Tag device threat factor to ON.
     The Threat Factor tag (CHKP_TF) is a list of threat factors associated with the Security Risk level, such as TF_ BACKUP_TOOL, etc. These threat factors can be used to provide additional detail and granularity of the current Risk level, however, they are not necessarily appropriate for policy triggers. The CHKP_TF tags is a sort of free-form list of strings of threat factors from the BRE Behavioral Risk Engine database. The Threat Factors would be represented as device tags.

     Example:

     

  4. In Advanced section:

     Mitigation attribute: This field will not be used as we will be using the CHKP_Risk and Status tags.

  5. Click Verify and Next.

• Deployment

  Specify the deployment status of a device.

Note - This section is optional, because Samsung Knox Manage manages the deployment automatically

If you use Mobile Security to manage the deployment:

In the Advanced section:

Enable options to send email and/or SMS notification to the new users with instructions to download and install the Harmony Mobile Protect app.

Example:

Click Finish.

View the Integration Status. By clicking on the “i” icon in the Knox Manage Card. Example:

That modal shows this information:

• Server – The latest server configuration status.

• Synchronization – The synchronized groups and the sync status.

  • Device Sync – The synced labels from Samsung Knox Manage

  • App Sync – The last type applications were fetched from the UEM (For iOS deployments only).

• Tagging – Tagging Configuration and Tagging Status.

• Deployment – Deployment Configuration and Deployment Status.

  Example:

  

  Click Edit in each section to edit the settings.