Solution

  • Workspace ONE

Type

  • Blog

Level

  • Overview

Category

  • Announcement
  • Deployment Considerations

Product

  • Workspace ONE UEM

OS/Platform

  • Android

Phase

  • Manage

Use-Case

  • App & Access Management
Nishant Gandhi
Read More from the Author

Senior Consultant, End User Computing, VMware. Nishant Gandhi has been with VMware since 2014 and is a subject matter expert in Workspace ONE UEM and Workspace ONE Access.

Deploying the Knox Service Plugin (KSP) as an Internally-Managed Application

February 04, 2020
Step 1 – Extract the app_restrictions.xml file

The first step is to extract the restrictions.xml file to get a list of the key-value pairs required to create the XML file.

  1. Download the Windows wrapper script and save the file as apktool.bat. Then, download the apktool.
  2. Copy both files into a folder (name it APKTool) in C:\Documents.
  3. Navigate to Environment Variables (This PC > Properties > Advanced System Settings).
  4. Select the system variable for the JAVA path and click Edit.
  5. Add a new path that points to the folder containing the APK tool files.
  6. Run the command apktool d using command prompt.
Step 2 – Create the XML file to be published as part of the custom settings profile

The next step is to build the XML file.

The previous command extracts the APK files to the Current Location\ (C:\KSP).

  1. Open the app_restrictions.xml file located in C:\<App name>\res\xml.
  2. Find the parameter that you want to configure and the corresponding key-value pair.
  3. KSP follows a nested configuration. After you have added the parameter, for example, profileDexCustomization, then find the parent parameter under which it is nested. Note the restrictionType (see yellow highlighted values in the previous screenshot) because you must create XML tags to form the nested XML file, as shown in this example.
Step 3 – Apply the KSP app configuration to the device

The final step is to create an Android device profile and apply the KSP app configuration to the device.

  1. In the Workspace ONE UEM console, create an Android device profile (Devices > Profiles & Resources > Profiles > Add).
  2. Add a Custom Settings payload and paste the XML file that was built in the previous step.
  3. Save and Publish the profile to be pushed to assigned devices.

Filter Tags

  • Workspace ONE
  • Overview
  • Announcement
  • Deployment Considerations
  • Blog
  • Workspace ONE UEM
  • Android
  • Manage
  • App & Access Management
February 04, 2020
Nishant Gandhi
Read More from the Author

Senior Consultant, End User Computing, VMware. Nishant Gandhi has been with VMware since 2014 and is a subject matter expert in Workspace ONE UEM and Workspace ONE Access.