Solution

  • Workspace ONE

Type

  • Blog

Level

  • Overview

Category

  • Fundamental

Product

  • Workspace ONE UEM

OS/Platform

  • Android

Phase

  • Manage

Use-Case

  • App & Access Management
Nishant Gandhi
Read More from the Author

Senior Consultant, End User Computing, VMware. Nishant Gandhi has been with VMware since 2014 and is a subject matter expert in Workspace ONE UEM and Workspace ONE Access.

Deploying the Knox Service Plugin (KSP) as an Internally-Managed Application

February 04, 2020

Introduction

The Knox Service Plugin (KSP) allows enterprise customers to use Knox Platform for Enterprise (KPE) features as soon as they are available. IT admins no longer have to wait until their UEM integrates the latest features—KSP enables admins to roll out Knox features directly after they launch. For more information, see the Knox Service Plugin Admin Guide.

With Workspace ONE UEM 1907 and later, you can use application configurations to configure the KSP when it is pushed as a public application using App & Books in the Workspace ONE UEM console. However, certain use cases might require KSP to be pushed as an internally-managed application. In this scenario, you must publish a profile containing the XML file to configure the KSP application. This blog post provides steps to extract the app configuration and build the XML file for any application.

Important: The KSP app must be present on the device before the KSP configuration is installed. To achieve this order of operations, use product provisioning and create a dependency within the KSP app configuration product to push the KSP application product first.

Use Knox Service Plugin as an internally-managed application

To leverage KSP as an internally-managed application, you must perform the following steps. Expand the drop-down menus to view the details for each step.

The first step is to extract the restrictions.xml file to get a list of the key-value pairs required to create the XML file.

  1. Download the Windows wrapper script and save the file as apktool.bat. Then, download the apktool.
  2. Copy both files into a folder (name it APKTool) in C:\Documents.
  3. Navigate to Environment Variables (This PC > Properties > Advanced System Settings).
  4. Select the system variable for the JAVA path and click Edit.
  5. Add a new path that points to the folder containing the APK tool files.
  6. Run the command apktool d using command prompt.

The next step is to build the XML file.

The previous command extracts the APK files to the Current Location\ (C:\KSP).

  1. Open the app_restrictions.xml file located in C:\<App name>\res\xml.
  2. Find the parameter that you want to configure and the corresponding key-value pair.
  3. KSP follows a nested configuration. After you have added the parameter, for example, profileDexCustomization, then find the parent parameter under which it is nested. Note the restrictionType (see yellow highlighted values in the previous screenshot) because you must create XML tags to form the nested XML file, as shown in this example.

The final step is to create an Android device profile and apply the KSP app configuration to the device.

  1. In the Workspace ONE UEM console, create an Android device profile (Devices > Profiles & Resources > Profiles > Add).
  2. Add a Custom Settings payload and paste the XML file that was built in the previous step.
  3. Save and Publish the profile to be pushed to assigned devices.

Check out more resources in the Understand Android Management Activity Path on Digital Workspace Tech Zone. This activity path contains curated assets to help you level-up your knowledge in the arena of Android Management.

Filter Tags

  • Workspace ONE
  • Overview
  • Fundamental
  • Blog
  • Workspace ONE UEM
  • Android
  • Manage
  • App & Access Management
February 04, 2020
Nishant Gandhi
Read More from the Author

Senior Consultant, End User Computing, VMware. Nishant Gandhi has been with VMware since 2014 and is a subject matter expert in Workspace ONE UEM and Workspace ONE Access.