- Install Samsung authenticator for Kerberos on the device.
- Create a Knox container and choose Enterprise ID as the lock type (you will not be able to change the lock type to Enterprise ID once the container is created).
- Enter your Active Directory credentials and any other required information.
With the above settings, you will be able to log in to the SSO service without entering your AD credentials. The AD password will only be required to unlock the Knox container.