Kiosk

Introduction

With POS devices finding an exponential level of usage, single-purpose devices are on the rise. But locking the devices to a single app is an arduous task for admins, as they need to configure devices to ensure no other apps are installed and users do not navigate away from the locked app. Furthermore, it is difficult to manage the settings of these devices. POS devices are usually at critical points in an organization and any modification to the settings may lead to loss of productivity. With MDM's Kiosk, locking down the devices to a single app and pre-configuring the settings over-the-air becomes a breeze. Another advantage is that MDM allows you to provision multiple apps under Kiosk. Once configured, you can ensure these settings cannot be modified by the users. Additionally, you can let the users configure basic settings through Custom Settings app. Kiosk is supported for all devices. However, Non-Samsung devices running 5.0 or above, should be provisioned as Device Owner.

The advantage of Kiosk is that all types of notification services such as the edge notification window, available in Samsung devices, get restricted by default, ensuring users cannot navigate away from the app(s) provisioned under Kiosk.

NOTE: It is better to have only one Kiosk profile associated per device/group. When you associate two Kiosk profiles to the same device/group, the profile that is applied at last gets associated. To avoid confusion, it is recommended not to associate a new Kiosk profile when there is a Kiosk profile already associated. If you want to make modifications, remove the existing profile and associate a new profile or modify the existing profile. Similarly do not combine other profiles with Kiosk since every time the other profiles are modified and updated, Kiosk profile will be re-applied to the devices. You need to enable Usage Access Permission when prompted on the device to enable or disable some of the Kiosk features like status bar, task manager or custom settings app.

Provisioning app(s) under Kiosk

Choosing the Launcher

For devices in Multi-app Kiosk, the launcher to be used on the devices can be configured. Choosing MDM launcher, permits the Custom Settings app and Device restrictions to be configured. Along with that, the Default app can be configured under Advanced settings. The Default app will be automatically launched on the device, if inactive for the specified time duration. Configuring these settings, ensures granular control over the device which cannot be achieved using Device launcher. The Device launcher does not support advanced Kiosk settings.

Custom Settings App

In case of Kiosk provisioned devices, users in general cannot view/modify basic settings such as Brightness, Wi-Fi etc., as the screen gets locked to provisioned apps. Custom Settings app, as the name suggests, if configured allows the users to modify these basic settings on Multi-app as well as on Single-app Kiosk. The advantage of this app, is that you can configure basic settings irrespective of the status bar restriction. You can also configure Custom Settings for Single-app Kiosk.

Home Screen Layout Customization

Home Screen Layout Customization lets you organize apps on the Home screen in multi-app Kiosk provisioned devices. You can add frequently used apps to the Dock and pin these apps to the Home screen even when user swipes across various pages. Apps pinned to the Home screen cannot be uninstalled by the users ensuring that the business requisite apps are always present on the device. You can add pages and folders to the Home screen, set custom wallpaper and modify font color of texts displayed on the Home screen, thus improving user experience on the device.

Note: Only web shortcuts added in the Kiosk profile can be customized to desired position. Web shortcuts added from other profiles will be listed after the ones configured in Kiosk profile.

Profile Description

Only devices running Android 5.0 or above can be provisioned as Device Owner .

FEATURE DESCRIPTION SAMSUNG NON-SAMSUNG
CORE ANDROID PROFILE OWNER DEVICE OWNER
Configure

Single-app Kiosk type locks down the device to display only a single app. Multi-app Kiosk type locks down the device to display only a specific set of apps which will be displayed on the Home screen. This restricts users from accessing other features of the device.

Launcher type (Can be configured only if Kiosk type is Multi-app)

You can choose the launcher to be used on a device provisioned with Kiosk.The MDM launcher allows granular control over the devices which cannot be achieved using the Device launcher.

Allowed app(s)/ web shortcut(s)

You can choose app(s) (both Store and enterprise apps) or web shortcut(s) that are allowed to run on the device. Any apps in the App Repository or installed on the managed devices can be specified.

Add app(s)/ web shortcut(s)

Allow app(s) that are already present on the device to be provisioned as Kiosk app(s) by specifying the app name and Bundle ID. Add web shortcut(s) by entering the web shortcut name, URL to be linked and icon to be displayed.

Refresh browser if idle for more than (Can be configured only if Kiosk type is Single Web App)

Specify the maximum period of device inactivity, after which the web shortcut will auto-refresh and will return back to the main URL. Auto-refresh deletes the session and cookies.

Hidden app(s)

You can specify app(s) which should run in the background, without their icon(s) being displayed on the device(s).

Automatically install the apps if not present on the device
(Can be configured only if Kiosk type is Multi-app)

If enabled, apps provisioned in Kiosk will be automatically installed if silent installation is supported or users need to install the apps from App Catalog. Similarly web-shortcuts will also be automatically distributed to the devices. In case you chose to disable this option after associating the profile, devices to which the policy was previously distributed will remain unaffected.

Pause Kiosk Password

Specify the password to be entered on the device to temporarily disable Kiosk.

Show ME MDM app
(Can be configured only if Kiosk type is Multi-app)

You can choose to show the ManageEngine MDM app or ME MDM app on the device to enable the user install distributed apps from the App Catalog.

DEVICE RESTRICTIONS
Task Manager

Restricting this option, prevents users from accessing Task Manager on their devices. So, the users will not be able to access App Settings or go to Default launcher and exit Kiosk. Hence, it is recommended to keep the Task Manager always restricted.

Status Bar

Restricting this will disable users from viewing Status bar details like battery, notifications, network details etc.
Note: In devices running Android 9.0 or later, only notification bar can be displayed and the Quick Panel settings is restricted by default

Status Bar expansion

Restricting this will prevent users from expanding the Status bar to access the Status bar controls. The user will still be able to view the notifications.

Restricted by default

Restricted by default

Home Button

By restricting the Home button on the device, users will not be able to view the Home screen.

Restricted by default

Volume Button

You can restrict Volume buttons on the device and also configure the volume levels for media, notification, ringer, and alarm.

Power Button

You can restrict the usage of Power button on the device.

When you restrict Power button, user has to restart the device every time, to turn on the display. If Power button is restricted, it is recommended not to configure the screen timeout, so that the device does not go to sleep. In case the device goes to sleep, the device has to be restarted by long pressing the Power button.

Back Button

Restricting the Back button on a device prevents users from navigating back and exiting the app.

Unlock device without passcode (Supported from Android 9.0 or later)

Enabling this ensures the Kiosk provisioned device can be unlocked without any passcode.

Display app crash dialogs (Supported from Android 9.0 or later)

Enable/Disable the display of error messages when an app crashes on the device.

CUSTOM SETTINGS APP
Wi-Fi

Allow the user to configure Wi-Fi settings as well as switch between different SSIDs.

Flashlight

Allow the usage of Flashlight by the device users.

Brightness

Allow the users to modify the brightness of the device screen.

Screen Rotation

Pre-configure the screen orientation or allow users to modify the same.

Screen Timeout

Pre-configure the screen timeout or allow users to modify the same. Screen can also be set to Always On when connected to charger.

Mobile Networks

Allow/Restrict users from configuring network settings like Access Point Name (APN), Data roaming, Network operators, etc.

Bluetooth

Allow/Restrict the usage of Bluetooth. If enabled, the user will be re-directed to device settings. Specify the time duration for which Bluetooth can be used. Device will enter Kiosk after the specified time duration.

Portable Hotspot and Tethering

Allow/Restrict Hotspot and tethering. If enabled, the user will be re-directed to device settings. Specify the time duration for which Hotspot can be used. Device will enter Kiosk after the specified time duration.

APN Settings

Allow/Restrict users from configuring Access Point Name (APN) settings. If enabled, the user will be re-directed to device settings. Specify the time duration for which APN settings can be accessed. Device will enter Kiosk after the specified duration.

Device Settings timeout

Specify the time duration for which users can access the device settings (maximum 120 seconds).

ADVANCED SETTINGS
Default app

Enabling this, ensures the device automatically launches a particular app after a specified period of inactivity. This is applicable only if the Kiosk type is Multi app.

Default app name

The Default app can be chosen from the apps to be provisioned on the device, specified initially.

Launch default app when it is inactive for

Specify the time duration after which the app has to be launched on the device automatically (minimum 20 seconds).

EDIT SCREEN LAYOUT
Dock

Enable this option to add frequently used apps to the dock for easier access from the Home screen

Restricted by default
Icon Size

Set icon size of the apps displayed on the Home screen

Font color

Set font color of the icon names displayed on the Home screen

Orientation

Lock the device in portrait or landscape mode or allow the user to control device orientation.

Allow user to change app position

Enable this option to allow users to rearrange the icons on the Home screen


Pausing Kiosk on devices

    

While managing devices under Kiosk, there might be a pertinent need to pause Kiosk for certain purposes. Assume there is an enterprise app provisioned under Kiosk and it has stopped working. So, the IT admin will have to view the logs to understand and diagnose the issue. MDM lets you pause Kiosk in three different ways:

Security Commands

Pause Kiosk is available as a conventional security command. To execute the security command:

Pause Kiosk passcode

Pause Kiosk passcode is one of the easiest methods of temporarily revoking Kiosk as it requires minimal admin intervention. If the device does not have internet connectivity or the device is not in the organization, the admin can share the one-time and time-bound passcode with the user. This passcode will be displayed when you click on the Pause Kiosk security command in the Inventory tab. The user can specify the passcode on the device to temporarily pause Kiosk. To prevent the users from randomly pausing Kiosk, without the admin being notified, this passcode expires after 90 minutes from the time it is generated and is automatically generated every time, as an arbitrary sequence of letters and numbers fortifying the passcode strength.

To pause Kiosk, you need to press the back button four times and then provide the Pause Kiosk passcode in the space provided. In case of Multi-app Kiosk, you can also choose to tap the top of the Home screen four times and provide the Pause Kiosk passcode. If Custom Settings app is configured, Kiosk can be paused or temporarily revoked by clicking on to the Exit option provided in the Custom Setting app itself.

Remote Chat commands

The most probable reason for pausing Kiosk is to troubleshoot the device and this is usually done via Remote Troubleshoot. MDM lets you pause Kiosk right from the device view screen using chat. You can use the chat option present in the device view screen not only to interact with the user but also to execute certain commands such as pausing Kiosk and resuming it if need be. You can pause Kiosk using the command /EXIT-KIOSK, troubleshoot the device and the resume Kiosk using the command /ENTER-KIOSK. You can know more about chat commands here.

MDM supports pausing Kiosk and resuming Kiosk using different methods. For example, you can pause Kiosk using remote chat commands and resume it using security commands.

Troubleshooting tips

  1. What if a Kiosk provisioned device loses internet connectivity?
    Once the Kiosk profile is associated to devices, ensure that these devices don't lose network connectivity. Else, these devices will be locked under Kiosk. If the device has lost connection with the server, you can recover the device from Kiosk as explained here.
  2. Why can't I pause Kiosk using Time bound passcode
    While configuring the time passcode to pause Kiosk ensure the device time matches with the server time. If there is a mismatch, the user will be unable to use this passcode to pause Kiosk. You can prevent users from modifying the time on the device by configuring the Date/Time Settings under Restrictions and prevent the users from modifying these settings.

Copyright © 2021, ZOHO Corp. All Rights Reserved.
ManageEngine