Cisco
Login
Search
Software Secure Access
Activity Manage

Cisco Secure Client Get Started and Manage Client-based Zero Trust Access from Mobile Devices Set up the Zero Trust Access App for Android on Samsung Devices (Optional) Set up the Android device for Zero Trust Access using MDM Add the app to MDM

Last updated: Aug 20, 2025

Add the app to MDM

Follow these steps to deploy the Knox Service Plugin (KSP) and configure the Cisco Secure Client (Zero Trust Access) app for Samsung devices using Ivanti.

Procedure

1

Sign in to your Ivanti dashboard with administrator credentials.
2

Add Knox Service Plugin to App Catalog.

  1. Navigate to Apps > App Catalog and click +Add.

  2. From the Source drop-down, choose Google Play store.

  3. In the Search field, enter Knox Service Plugin. The app should appear. If it does not, check your spelling, network, or permissions.

  4. Click Knox Service Plugin and then click Approve if prompted.

  5. Click Select and change the category for the app if needed. Then click Next.
3

Assign the App to Users or Devices.

  1. By default, Delegate this app to all spaces is selected. Click Next.

  2. Choose which people or devices will get the Knox Service Plugin (KSP) app. By default, Everyone is selected. Click Next.
4

Configure Managed Settings.

  1. If Managed Configurations for Android does not appear, add it and give it a name.

  2. Enable Auto-launch on install.

  3. In the Managed Configurations section, click Expand All to display all settings.
5

Enter Knox and ZTNA Details.

  1. If you need to obtain a free Knox License key for the next steps, see Manage Knox Licenses.

  2. In the Profile name(version) field, enter your Samsung Knox profile name and make sure the slider is set to On.

  3. In the Knox License key(Knox Suite, DualDAR, etc) field, enter your Samsung Knox license key and set the slider On.

  4. Enable Debug Mode.
6

Select Device Enrollment Type.

  1. In the Device-wide policies section, choose the device enrollment type as:

    Fully Manage Device (DO)

    or

    Work Profile-on company owned devices (WP-C), also known as PO (Profile Owner)


     

    PO enrollment is more common. These instructions assume PO enrollment.

     

    If you are doing a PO-type enrollment, ensure your device is not part of any other configuration, as it could conflict with the PO config.
7

Configure ZTNA Policy.

  1. Scroll down to the ZTNA Policy section.

  2. Enable the Enable ZTNA controls setting.

  1. In the Package Name field, enter com.cisco.secureclient.zta (if needed, click the Refresh button to the right of the field to allow typing).

  2. You can leave Package Signature blank.
8

Click Next to finish Managed App configuration.
9

Set Device Installation Requirements.

  1. For Install on device, add a config or edit the config if one is listed.

  2. Enable Device Installation Configurations and Require installation on device.

  3. Click Update or Save to retain your changes.
10

Assign and Distribute the Configuration.

  1. From the left menu, navigate to Configurations.

  2. Find the configuration called Android enterprise: Work Profile (Android for Work) or similar and click it.

  3. Click the pencil to edit the configuration.

  4. Click Next on the first screen.

  5. On the Distribute screen, make sure your user/device/group is selected.

  6. Click Done.
Previous topic (Optional) Set up the Android device for Zero Trust Access using MDM Next topic Set up the App on the Samsung Device