Home / Knox Mobile Enrollment / How-to guides /

Manage admins and roles

Last updated August 5th, 2025

A Knox Mobile Enrollment account can be managed by multiple admins. With role-based access control (RBAC), super admins responsible for account creation can invite and assign role permissions to individual admins.

The general process for adding admins and creating roles in Knox Mobile Enrollment is shared across Knox Suite products. Additionally, some functions, such as managing and assigning enrollment profiles, require common permissions. For more information, see Manage admins and roles for Knox services.

Role-based access control

When specifying permissions for roles in the Knox Admin Portal, select from the listed permissions on the Create role page.

While admins can create roles with any permissions, they can only assign the roles that contain permissions that they have themselves.

You can assign the following Knox Mobile Enrollment permissions to each role:

Profiles

The ability to manage and assign enrollment profiles is controlled through common permissions. For more information, see Manage admins and roles for Knox services.

Devices and Uploads

Select permissions to determine how admins can manage devices:

  • View only — Admins can only view device configurations. No device administration permissions are granted.
  • Manage devices (Select at least one permission)
    • Assign with profile and manage tags
    • Unassign from profile
    • Delete

The Assign with profile and manage tags and Unassign from profile device permissions only allow you to manage enrollment profiles from the Knox Mobile Enrollment device list. To assign or unassign a profile through the common device list, you’ll need the associated common permission. For more information, see Manage admins and roles for Knox services.

Resellers

Select permissions to determine how admins can manage resellers:

  • Approve uploads — Admins can approve devices uploaded by reseller.

Device Users

Select permissions to determine how admins can manage device users:

  • View only — Admins can only view device user configurations. No device user administration permissions are granted.
  • Manage device users (Select at least one permission)
    • Add, edit, assign and unassign
    • Delete

Activity log

Select permission to determine whether the admin can view the activity log.

  • View activity log — If checked, allows the admin to view the Activity log page.

Administrators and Roles

Select permissions to determine whether the admin can manage other admins and roles.

  • Invite and manage administrators — If checked, allows the admin to invite and manage other admins.
  • Manage roles — If checked, allows the admin to add and edit roles to include any permissions.

Licenses

Select permissions to determine how admins can manage licenses:

  • View only — Admins can only view license configurations. No license administration permissions are granted.
  • Manage licenses (Select at least one permission)
    • Manage licenses
    • Delete

Knox Deployment Application

Select to determine if admins can enroll devices in Knox Mobile Enrollment using the Knox Deployment Application.

  • Allow access to Knox Deployment Application

On this page

Is this page helpful?