February 04, 2020

Deploying the Knox Service Plugin (KSP) as an Internally-Managed Application

The Knox Service Plugin (KSP) allows enterprise customers to use Knox Platform for Enterprise (KPE) features as soon as they are available. With Workspace ONE UEM 1907 and later, you can use application configurations to configure the KSP when it is pushed as a public application. This blog post provides steps to extract the app configuration and build the XML file for any application.
Step 1 – Extract the app_restrictions.xml file

The first step is to extract the restrictions.xml file to get a list of the key-value pairs required to create the XML file.

  1. Download the Windows wrapper script and save the file as apktool.bat. Then, download the apktool.
  2. Copy both files into a folder (name it APKTool) in C:\Documents.
  3. Navigate to Environment Variables (This PC > Properties > Advanced System Settings).
  4. Select the system variable for the JAVA path and click Edit.
  5. Add a new path that points to the folder containing the APK tool files.
  6. Run the command apktool d using command prompt.
Step 2 – Create the XML file to be published as part of the custom settings profile

The next step is to build the XML file.

The previous command extracts the APK files to the Current Location\ (C:\KSP).

  1. Open the app_restrictions.xml file located in C:\<App name>\res\xml.
  2. Find the parameter that you want to configure and the corresponding key-value pair.
  3. KSP follows a nested configuration. After you have added the parameter, for example, profileDexCustomization, then find the parent parameter under which it is nested. Note the restrictionType (see yellow highlighted values in the previous screenshot) because you must create XML tags to form the nested XML file, as shown in this example.
Step 3 – Apply the KSP app configuration to the device

The final step is to create an Android device profile and apply the KSP app configuration to the device.

  1. In the Workspace ONE UEM console, create an Android device profile (Devices > Profiles & Resources > Profiles > Add).
  2. Add a Custom Settings payload and paste the XML file that was built in the previous step.
  3. Save and Publish the profile to be pushed to assigned devices.

Filter Tags

Workspace ONE Workspace ONE UEM Blog Announcement Deployment Considerations Overview Android Manage App & Access Management