pdf icon
Category Filter

Kiosk

With POS devices finding an exponential level of usage, the need to convert mobile devices to single-purpose devices is on the rise. But locking the devices to a single app is an arduous task for admins, as they need to configure these devices to ensure no other apps are installed and users do not navigate away from the locked app. Furthermore, it is difficult to manually manage and restrict the settings on each of these devices. POS devices are usually at critical points in an organization and any user modifications to the settings may lead to device downtime and loss of productivity. With MDM's Kiosk, locking down the devices to a single app and pre-configuring the settings over-the-air becomes a breeze. Another advantage is that ManageEngine MDM Kiosk Mode allows you to provision multiple apps under Kiosk. Once configured, you can ensure these settings cannot be modified by the users. Additionally, you can let the users configure basic settings through Custom Settings app. Kiosk is supported for all devices. However, Non-Samsung devices running 5.0 or above, should be provisioned as Device Owner.

The advantage of Kiosk is that all types of notification services such as the edge notification window, available in Samsung devices, get restricted by default, ensuring users cannot navigate away from the app(s) provisioned under Kiosk.

NOTE: It is better to have only one Kiosk profile associated per device/group. When you associate two Kiosk profiles to the same device/group, the profile that is applied at last gets associated. To avoid confusion, it is recommended not to associate a new Kiosk profile when there is a Kiosk profile already associated. If you want to make modifications, remove the existing profile and associate a new profile or modify the existing profile. Similarly do not combine other profiles with Kiosk since every time the other profiles are modified and updated, Kiosk profile will be re-applied to the devices. You need to enable Usage Access Permission when prompted on the device to enable or disable some of the Kiosk features like status bar, task manager or custom settings app.

Provisioning app(s) under Kiosk

  • You can provision apps already present in any one of the managed devices or added to the App Repository. This can include pre-installed apps, store apps and enterprise apps.
  • In case the app provisioned under Kiosk is not available on the device, the app gets automatically distributed and installed on the device. The app distribution status is shown when viewing the device individually or in a group, in the Device Mgmt view.
  • In case of Store apps, these apps can be manually updated by the device user in case App Store is provisioned as an app in Kiosk. Otherwise you need to update the app via MDM.
  • In case of enterprise apps, you need to update the latest version of the source file (.apk) to the App Repository and then update the app on the devices.
  • If silent installation isn't supported, the apps get distributed to the App Catalog, from where the user needs to install it.
  • If a profile is updated and then re-distributed, the version of the enterprise app initially used during profile creation is one that gets distributed even if there's there's an updated version available in the App Repository. In case of Store apps, the latest version is distributed. The updated enterprise app needs to be separately distributed as explained here.
  • ME MDM app requires data access permission for the Kiosk to perform certain functionalities like enabling status bar and notification bar, task manager/recent buttons, launch a specific app after idle time and enabling mobile data, bluetooth etc in custom settings.

Choosing the Launcher

For devices in Multi-app Kiosk, the launcher to be used on the devices can be configured. Choosing MDM launcher, permits the Custom Settings app and Device restrictions to be configured. Along with that, the Default app can be configured under Advanced settings. The Default app will be automatically launched on the device, if inactive for the specified time duration. Configuring these settings, ensures granular control over the device which cannot be achieved using Device launcher. The Device launcher does not support advanced Kiosk settings.

Custom Settings App

In case of Kiosk provisioned devices, users in general cannot view/modify basic settings such as Brightness, Wi-Fi etc., as the screen gets locked to provisioned apps. Custom Settings app, as the name suggests, if configured allows the users to modify these basic settings on Multi-app as well as on Single-app Kiosk. The advantage of this app, is that you can configure basic settings irrespective of the status bar restriction. You can also configure Custom Settings for Single-app Kiosk.

Home Screen Layout Customization

Home Screen Layout Customization lets you organize apps on the Home screen in multi-app Kiosk provisioned devices. You can add frequently used apps to the Dock and pin these apps to the Home screen even when user swipes across various pages. Apps pinned to the Home screen cannot be uninstalled by the users ensuring that the business requisite apps are always present on the device. You can add pages and folders to the Home screen, modify font color of texts displayed on the Home screen, thus improving user experience on the device.

  • You can set up a custom kiosk wallpaper by configuring Wallpaper profile along with the same kiosk profile.
  • To display device details such as Username, Serial Number etc., on the device lock screen for easy identification, you can use Asset Tagging. In case you've configured wallpaper in the Asset Tag profile, it takes precedence over the wallpaper profile.
  • Only web shortcuts added in the Kiosk profile can be customized to desired position. Web shortcuts added from other profiles will be listed after the ones configured in Kiosk profile.
  • If a web shortcut is added in home screen layout, it will directly be displayed in the kiosk else if it is added in kiosk without a screen layout it will be displayed inside a folder. 

Watch this short video to learn how you can customize your Android Kiosk device's home screen.

Profile Description

Only devices running Android 5.0 or above can be provisioned as Device Owner .

FEATUREDESCRIPTIONKNOX-ENABLED SAMSUNGNON-SAMSUNG
LEGACYPROFILE OWNERDEVICE OWNER
Configure Single-app Kiosk type locks down the device to display only a single app. Multi-app Kiosk type locks down the device to display only a specific set of apps which will be displayed on the Home screen. This restricts users from accessing other features of the device. success success failured success
Launcher type (Can be configured only if Kiosk type is Multi-app) You can choose the launcher to be used on a device provisioned with Kiosk.The MDM launcher allows granular control over the devices which cannot be achieved using the Device launcher. success success failured success
Allowed app(s)/ web shortcut(s) You can choose app(s) (both Store and enterprise apps) or web shortcut(s) that are allowed to run on the device. Any apps in the App Repository or installed on the managed devices can be specified. success success failured success
Add app(s)/ web shortcut(s) Allow app(s) that are already present on the device to be provisioned as Kiosk app(s) by specifying the app name and Bundle ID. Add web shortcut(s) by entering the web shortcut name, URL to be linked and icon to be displayed. success success failured success
Refresh browser if idle for more than (Can be configured only if Kiosk type is Single Web App) Specify the maximum period of device inactivity, after which the web shortcut will auto-refresh and will return back to the main URL. Auto-refresh deletes the session and cookies. success success failured success
Hidden app(s) You can specify app(s) which should run in the background, without their icon(s) being displayed on the device(s). success success failured success
Web shortcut idle timeout Set a timer for web shortcut inactivity(can be scrolling on the same page for a long time). Once the device is idle for more than the defined time, cookies will be cleared. success success failured success
Automatically install the apps if not present on the device
(Can be configured only if Kiosk type is Multi-app)
If enabled, apps provisioned in Kiosk will be automatically installed if silent installation is supported or users need to install the apps from App Catalog. Similarly web-shortcuts will also be automatically distributed to the devices. In case you chose to disable this option after associating the profile, devices to which the policy was previously distributed will remain unaffected. success failured failured success
Pause Kiosk Password Specify the password to be entered on the device to temporarily disable Kiosk. success success failured success
Show ME MDM app
(Can be configured only if Kiosk type is Multi-app)
You can choose to show the ManageEngine MDM app or ME MDM app on the device to enable the user install distributed apps from the App Catalog. success success failured success
Show Notification Badge Notification badge contains the number of active app notifications.Choose to enable/disable notification badges for the applications. Note: When status bar and heads up notifications are restricted, notification badge will not work. Notification access permission has to be enabled in the device to show notification badge. success success failured success
DEVICE RESTRICTIONS
Task Manager

Restricting this option, prevents users from accessing Task Manager on their devices. So, the users will not be able to access App Settings or go to Default launcher and exit Kiosk. Hence, it is recommended to keep the Task Manager always restricted. success success failured failured
Status Bar

Restricting this will disable users from viewing Status bar details like battery, notifications, network details etc.
Note: In devices running Android 9.0 or later, only notification bar can be displayed and the Quick Panel settings is restricted by default
success success failured failured
Status Bar expansion

Restricting this will prevent users from expanding the Status bar to access the Status bar controls. The user will still be able to view the notifications. success Restricted by default failured Restricted by default
Heads-up notification

 

Restricting this will prevent heads-up notifications from being displayed on the device. Notifications can still be viewed by expanding the status bar, if status bar expansion is enabled. success success failured success
Home Button (For Android 9.0 and above, when Home Button is restricted Task Manager Button will also be restricted) By restricting the Home button on the device, users will not be able to view the Home screen. success failured failured success
Device Volume If device volume is restricted there will be no sound in the device. success failured failured success
Volume Button You can restrict Volume buttons on the device and also configure the volume levels for media, notification, ringer, and alarm.
Note: If device volume is restricted, settings configured in volume control will not work.
success success failured success
Power Button

You can restrict the usage of the power button on the device, limiting certain functionalities based on the device type and configuration, and when restricted, the user must restart the device to turn on the display.

Note: To avoid frequent restarts, it is recommended not to configure the screen timeout to prevent the device from entering sleep mode. If the device enters sleep mode, it must be restarted by long-pressing the power button.

Behaviour on Non-Samsung Devices (Android 9.0 or Above): Restricting the power button disables the ability to restart or shut down the device, but the screen can still be turned on or off using the power button.

Behaviour on Samsung Devices (Android 9.0 or Above): Restricting the power button disables restart, shutdown, and screen-off functionality, but the screen can still be turned on using the power button.

success failured failured failured
Back Button Restricting the Back button on a device prevents users from navigating back and exiting the app. success failured failured failured
SIM Unlock Restricting this option will prevent users from unlocking the device using the SIM PIN. This option is not applicable for devices that have a passcode configured. success success failured success
Unlock device without passcode (Supported from Android 9.0 or later) Enabling this ensures the Kiosk provisioned device can be unlocked without any passcode.
Note: If this option is allowed and a passcode is set in the device prior, users cannot manually power off or restart the device.
success failured failured failured
Display app crash dialogs (Supported from Android 9.0 or later) Enable/Disable the display of error messages when an app crashes on the device. success failured failured failured
Multi Window Multi window mode (split screen mode) allows multiple apps to share the same screen simultaneously. Allow/Restrict split screen mode on devices.
Stay awake while charging (Supported from Android 6.0 or later) Allow/Restrict the device to stay awake while charging. success success failured success
CUSTOM SETTINGS APP
Wi-Fi Allow the user to configure Wi-Fi settings as well as switch between different SSIDs. success success failured success
Add Wi-Fi Network Enable this option to allow users to add/edit Wi-Fi network configurations.
Note: Location permission will be enabled by default by MDM when the Wi-fi page is opened in Kiosk custom settings to search nearby Wi-fi networks.
success success failured success
Flashlight Allow the usage of Flashlight by the device users. success success failured success
Brightness Allow the users to modify the brightness of the device screen. success success failured success
Screen Orientation You can pre-configure the screen orientation or allow users to modify it. To enable this policy, grant the Modify system settings/change system settings permission in the ME MDM app. This permission is required to access the device's system settings. The device cannot be used until this permission is granted. success success failured success
Screen Timeout You can pre-configure the screen timeout or allow users to modify it. Additionally, the screen can be set to Always On when connected to a charger. To enable this policy, grant the Modify system settings/change system settings permission in the ME MDM app. This permission is required to access the device's system settings. The device cannot be used until this permission is granted. success success failured success
Mobile Networks Allow/Restrict users from configuring network settings like Access Point Name (APN), Data roaming, Network operators, etc. success success failured success
Bluetooth Allow/Restrict the usage of Bluetooth. If enabled, the user will be re-directed to device settings. Specify the time duration for which Bluetooth can be used. Device will enter Kiosk after the specified time duration. success success failured success
Portable Hotspot and Tethering Allow/Restrict Hotspot and tethering. If enabled, the user will be re-directed to device settings. Specify the time duration for which Hotspot can be used. Device will enter Kiosk after the specified time duration. success success failured success
APN Settings Allow/Restrict users from configuring Access Point Name (APN) settings. If enabled, the user will be re-directed to device settings. Specify the time duration for which APN settings can be accessed. Device will enter Kiosk after the specified duration. success success failured success
Device Settings timeout Specify the time duration for which users can access the device settings (maximum 120 seconds). success success failured success
Battery Optimization Enable this option to allow users to configure battery optimization. success success failured success
Battery optimized apps Specify the apps for which the battery usage needs to be optimized. success failured failured failured
Set Locale and Language Enable this option to allow users to switch locale languages. success success failured success
ADVANCED SETTINGS
Default app Enabling this, ensures the device automatically launches a particular app after a specified period of inactivity. This is applicable only if the Kiosk type is Multi app. success success failured success
Default app name The Default app can be chosen from the apps to be provisioned on the device, specified initially. success success failured success
Launch default app when it is inactive for Specify the time duration after which the app has to be launched on the device automatically (minimum 20 seconds). success success failured success
EDIT SCREEN LAYOUT
Dock Enable this option to add frequently used apps to the dock for easier access from the Home screen success failured failured Restricted by default
Icon Size Set icon size of the apps displayed on the Home screen success success failured failured
Font color Set font color of the icon names displayed on the Home screen success success failured failured
Allow user to change app position Enable this option to allow users to rearrange the icons on the Home screen success success failured failured

Enabling Phone Calls in Kiosk Mode

To enable phone calls in kiosk mode, add the following system applications to your kiosk profile's allowed apps or background app list:

  • For Android devices: Commonly, the required apps are com.android.server.telecom and com.android.dialer. If the dialer app package name varies by manufacturer, use this "current activity" tool to identify the correct package name.
  • For Samsung devices: Add com.android.server.telecom, com.samsung.android.incallui, and com.samsung.android.dialer.

Note:

If the required app is not listed in the allowed apps or background apps, you can manually add it by following these steps:

  1. Navigate to InventoryAppsAdd new app.
  2. Select Android as the platform.
  3. Enter the package name and app name, then click Add.
  4. The app will now appear in both the kiosk's allowed apps and background apps list.

Pausing Kiosk on devices

An Android device deployed using MDM under Kiosk mode    Using password to pause or temporarily exit out of MDM Kiosk mode on Android

While managing devices under Kiosk, there might be a pertinent need to pause Kiosk for certain purposes. Assume there is an enterprise app provisioned under Kiosk and it has stopped working. So, the IT admin will have to view the logs to understand and diagnose the issue. MDM lets you pause Kiosk in three different ways:

  • Using Security commands
  • Using Pause Kiosk passcode
  • Using Remote Chat commands

Security Commands

Pause Kiosk is available as a conventional security command. To execute the security command:

    • Click on the Inventory tab on the top menu and select the device.
    • Click on Actions and select Pause Kiosk from the dropdown. You can choose to automatically resume Kiosk after some time, by specifying the same when requested.
    • Once you are done troubleshooting the device, you can provision the device back into Kiosk by executing the security command, Resume Kiosk.
    • If the device does not have Internet connectivity, you can also pause Kiosk from the device using Time bound passcode which will be displayed on the server.
    • In case of devices being on field and not in the organization, you can try using the Pause Kiosk passcode.

If Kiosk mode is remotely paused for a set time, and the device is restarted during this time, then the timer is reset after the device restarts.

Pause Kiosk passcode

Pause Kiosk passcode is one of the easiest methods of temporarily revoking Kiosk as it requires minimal admin intervention. If the device does not have internet connectivity or the device is not in the organization, the admin can share the one-time and time-bound passcode with the user. This passcode will be displayed when you click on the Pause Kiosk security command in the Inventory tab. The user can specify the passcode on the device to temporarily pause Kiosk. To prevent the users from randomly pausing Kiosk, without the admin being notified, this passcode expires after 90 minutes from the time it is generated and is automatically generated every time, as an arbitrary sequence of letters and numbers fortifying the passcode strength.

To pause Kiosk, you need to press the back button four times and then provide the Pause Kiosk passcode in the space provided. In case of Multi-app Kiosk, you can also choose to tap the top of the Home screen four times and provide the Pause Kiosk passcode. If Custom Settings app is configured, Kiosk can be paused or temporarily revoked by clicking on to the Exit option provided in the Custom Setting app itself.

Remote Chat commands

The most probable reason for pausing Kiosk is to troubleshoot the device and this is usually done via Remote Troubleshoot. MDM lets you pause Kiosk right from the device view screen using chat. You can use the chat option present in the device view screen not only to interact with the user but also to execute certain commands such as pausing Kiosk and resuming it if need be. You can pause Kiosk using the command /EXIT-KIOSK, troubleshoot the device and the resume Kiosk using the command /ENTER-KIOSK. You can know more about chat commands here.

MDM supports pausing Kiosk and resuming Kiosk using different methods. For example, you can pause Kiosk using remote chat commands and resume it using security commands.

Points to Note:

  1. In SIM card locked devices, on device restart, you need to enter SIM unlock password to resume Kiosk
  2. Once the Kiosk paused device is restarted, you can resume Kiosk right from the notification shown on the device.

Troubleshooting tips

  1. What if a Kiosk provisioned device loses internet connectivity?
    Once the Kiosk profile is associated to devices, ensure that these devices don't lose network connectivity. Else, these devices will be locked under Kiosk. If the device has lost connection with the server, you can recover the device from Kiosk as explained here.
     
  2. Why can't I pause Kiosk using Time bound passcode?
    While configuring the time passcode to pause Kiosk ensure the device time matches with the server time. If there is a mismatch, the user will be unable to use this passcode to pause Kiosk. You can prevent users from modifying the time on the device by configuring the Date/Time Settings under Restrictions and prevent the users from modifying these settings.
     
  3. How should I configure physical keyboard in kiosk mode?
    The device automatically recognizes when a physical keyboard is connected and disables the on-screen keyboard. If the on-screen keyboard needs to be enabled, navigate to the Custom settings app>Keyboard Settings and toggle on the Show on-screen keyboard option.
     
  4. Why is the on-screen keyboard not working when external input device is connected?
    When any external input device is physically connected, the mobile device recognizes it as a physical keyboard and disables the on-screen keyboard. To enable the on-screen keyboard, navigate to the Custom settings app>Keyboard Settings and toggle on the Show on-screen keyboard option.

 

 

Jump To