Kiosk

Introduction

With POS devices finding an exponential level of usage, single-purpose devices are on the rise. But locking the devices to a single app is an arduous task for admins, as they need to configure devices to ensure no other apps are installed and users do not navigate away from the locked app. Furthermore, it is difficult to manage the settings of these devices. POS devices are usually at critical points in an organization and any modification to the settings may lead to loss of productivity. With MDM's Kiosk, locking down the devices to a single app and pre-configuring the settings over-the-air becomes a breeze. Another advantage is that MDM allows you to provision multiple apps under Kiosk. Once configured, you can ensure these settings cannot be modified by the users. Additionally, you can let the users configure basic settings through Custom Settings app. Kiosk is supported for all devices. However, Non-Samsung devices running 5.0 or above, should be provisioned as Device Owner.

The advantage of Kiosk is that all types of notification services such as the edge notification window, available in Samsung devices, get restricted by default, ensuring users cannot navigate away from the app(s) provisioned under Kiosk.

NOTE: It is better to have only one Kiosk profile associated per device/group. When you associate two Kiosk profiles to the same device/group, the profile that is applied at last gets associated. To avoid confusion, it is recommended not to associate a new Kiosk profile when there is a Kiosk profile already associated. If you want to make modifications, remove the existing profile and associate a new profile or modify the existing profile.

Provisioning app(s) under Kiosk

Choosing the Launcher

For devices in Multi-app Kiosk, the launcher to be used on the devices can be configured. Choosing MDM launcher, permits the Custom Settings app and Device restrictions to be configured. Along with that, the Default app can be configured under Advanced settings. The Default app will be automatically launched on the device, if inactive for the specified time duration. Configuring these settings, ensures granular control over the device which cannot be achieved using Device launcher. The Device launcher allows customization of the home screen but does not support advanced Kiosk settings.

Custom Settings App

In case of Kiosk provisioned devices, users in general cannot view/modify basic settings such as Brightness, Wi-Fi etc., as the screen gets locked to provisioned apps. Custom Settings app, as the name suggests, if configured allows the users to modify these basic settings on Multi-app as well as on Single-app Kiosk. The advantage of this app, is that you can configure basic settings irrespective of the status bar restriction. You can also configure Custom Settings for Single-app Kiosk.

Profile Description

Only devices running Android 5.0 or above can be provisioned as Device Owner .

FEATURE DESCRIPTION SAMSUNG NON-SAMSUNG
CORE ANDROID PROFILE OWNER DEVICE OWNER
Kiosk type

Single-app Kiosk type locks down the device to display only a single app. Multi-app Kiosk type locks down the device to display only a specific set of apps which will be displayed on the home screen. This restricts users from accessing other features of the device.

Launcher type (Can be configured only if Kiosk type is Multi-app)

You can choose the launcher to be used on a device provisioned with Kiosk.The MDM launcher allows granular control over the devices which cannot be achieved using the Device launcher.

Allowed app(s)

You can choose app(s) that should be to be provisioned on the device.

Choose wallpaper

You can customize the device screen to display your company's logo etc.

(Best resolution: 960*800 px; Image format: PNG, JPG; Image size: 1MB)

Show ME MDM app
(Can be configured only if Kiosk type is Multi-app)

You can choose to show the ManageEngine MDM app or ME MDM app on the device to enable the user install distributed apps from the App Catalog.

DEVICE RESTRICTIONS
Task Manager

Restricting this option, prevents users from accessing Task Manager on their devices. So, the users will not be able to access App Settings or go to Default launcher and exit Kiosk. Hence, it is recommended to keep the Task Manager always restricted.

Restricted by default
Status Bar

Restricting this will disable users from viewing Status bar details like battery, notifications, network details etc.

Status Bar expansion

Restricting this will prevent users from expanding the Status bar to access the Status bar controls. The user will still be able to view the notifications.

Restricted by default

Restricted by default

Home Button

By restricting the Home button on the device, users will not be able to view the home screen.

Restricted by default

Volume Button

You can restrict Volume buttons on the device and also configure the volume levels for media, notification, ringer, and alarm.

Power Button

You can restrict the usage of Power button on the device.

When you restrict Power button, user has to restart the device every time, to turn on the display.

Back Button

Restricting the Back button on a device prevents users from navigating back and exiting the app.

Unlock device without passcode (Supported from Android 9.0 or later)

Enabling this ensures the Kiosk provisioned device can be unlocked without any passcode.

Display app crash dialogs (Supported from Android 9.0 or later)

Enable/Disable the display of error messages when an app crashes on the device.

CUSTOM SETTINGS APP
Wi-Fi

Allow the user to configure Wi-Fi settings as well as switch between different SSIDs.

Flashlight

Allow the usage of Flashlight by the device users.

Brightness

Allow the users to modify the brightness of the device screen.

Screen Rotation

Pre-configure the screen orientation or allow users to modify the same.

Screen Timeout

Pre-configure the screen timeout or allow users to modify the same.

Mobile Networks

Allow/Restrict users from configuring network settings like Access Point Name (APN), Data roaming, Network operators, etc.

Bluetooth

Allow/Restrict the usage of Bluetooth. If enabled, the user is re-directed to device settings from where Kiosk/ MDM management can be revoked. Hence, the time duration for which Bluetooth can be used, has to be specified. Device will enter Kiosk after the specified time duration.

Portable Hotspot and Tethering

Allow/Restrict Hotspot and tethering. If enabled, the user is re-directed to device settings from where Kiosk/ MDM management can be revoked. Hence, the time duration for which Hotspot can be used, has to be specified. Device will enter Kiosk after the specified time duration.

Device Settings timeout

Specify the time duration for which users can access the device settings (maximum 120 seconds).

ADVANCED SETTINGS
Default app

Enabling this, ensures the device automatically launches a particular app after a specified period of inactivity. This is applicable only if the Kiosk type is Multi app.

Default app name

The Default app can be chosen from the apps to be provisioned on the device, specified initially.

Launch default app when it is inactive for

Specify the time duration after which the app has to be launched on the device automatically (minimum 20 seconds).


Pausing Kiosk on devices

    

While managing devices under Kiosk, there might be a pertinent need to pause Kiosk for certain purposes. Assume there is an enterprise app provisioned under Kiosk and it has stopped working. So, the IT admin will have to view the logs to understand and diagnose the issue. MDM lets you pause Kiosk in three different ways:

Security Commands

Pause Kiosk is available as a conventional security command. To execute the security command:

Pause Kiosk passcode

Pause Kiosk passcode is one of the easiest methods of temporarily revoking Kiosk as it requires no admin intervention. The passcode is to be specified by the user on the device to temporarily pause Kiosk. Although this makes it easy for admins, it brings the problem of device users randomly pausing Kiosk, without the admin being notified. However, the admin still has some control over this method, as only the admin and technicians with requisite access can view the passcode and share it with the users. This one-time and time-bound passcode is available when you click on the Pause Kiosk security command. To prevent passcodes from being easily guessable, MDM automatically generates Pause Kiosk passcode every time, as an arbitrary sequence of letters and numbers fortifying the passcode strength. Another advantage with Pause Kiosk passcode is that it doubles up as the passcode for temporarily revoking management. To pause Kiosk, you need to press the back button four times and then provide the Pause Kiosk passcode in the space provided. In case of Multi-app Kiosk, you can also choose to tap the top of the home screen four times and provide the Pause Kiosk passcode. If Custom Settings app is configured, Kiosk can be paused or temporarily revoked by clicking on to the Exit option provided in the Custom Setting app itself.

Remote Chat commands

The most probable reason for pausing Kiosk is to troubleshoot the device and this is usually done via Remote Troubleshoot. MDM lets you pause Kiosk right from the device view screen using chat. You can use the chat option present in the device view screen not only to interact with the user but also to execute certain commands such as pausing Kiosk and resuming it if need be. You can pause Kiosk using the command /EXIT-KIOSK, troubleshoot the device and the resume Kiosk using the command /ENTER-KIOSK. You can know more about chat commands here.

MDM supports pausing Kiosk and resuming Kiosk using different methods. For example, you can pause Kiosk using remote chat commands and resume it using security commands.

Troubleshooting tips

  1. You can add app(s) which are present in the Inventory, under Kiosk. In case the app(s) is/are not present, first add the app(s) to the App Repository. To know more about App Repository, distributing apps and verifying deployment status, you can refer App Management.
  2. Kiosk profile is associated to the devices, even if none of the Kiosk provisioned apps are present on the device.
  3. On configuring Kiosk profile, if you choose to restrict Power button on a device, it is recommended not to configure the screen timeout, so that the device does not go to sleep. In case the device goes to sleep, the device has to be restarted by long pressing the Power button.
  4. Once the Kiosk profile is associated to devices, ensure that these devices don't lose network connectivity. Else, these devices will be locked under Kiosk.
  5. In case the app(s) provisioned under have been updated, it is recommended to test them on a select set of devices before deploying to the production environment.
  6. While configuring the time passcode to pause Kiosk ensure the device time matches with the server time. If there is a mismatch, the user will be unable to use this passcode to pause Kiosk. You can prevent users from modifying the time on the device by configuring the Date/Time Settings under Restrictions and prevent the users from modifying these settings.
See Also:  Associating Profiles to Groups, Associating Profiles to Devices,  App Management, Distribute Apps to Devices, Distribute Apps to Groups
Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine