1. Home
  2. Android Kiosk
  3. Hexnode Kiosk Mode for Android – Complete Guide

Hexnode Kiosk Mode for Android – Complete Guide

System Requirements

In order to activate Kiosk mode on your Android device, you should have

  • A device running Android v2.3 or above.
  • A working internet connection on the device running Hexnode MDM portal and on the Android devices.
Note:

Kiosk activation also available on devices enrolled in Android for Work Device Owner mode only.

Install and Enable Kiosk Software

Set up Kiosk Mode

Enroll Devices with Hexnode MDM

The first step is to enroll your devices with the Mobile Device Management software. All methods of enrolment are explained in this section.

Enrolment without Authentication

Enrolment without authentication requires the server name alone. No enrolment credentials are required and is thus, the easiest and fastest method of enrolment. All the devices enrolled without authentication gets assigned to a default user.
To set up enrolment without authentication,

  1. Go to Admin tab > Enrolment from the side menu.
  2. Enable No Authentication under Authentication Modes.
  3. Choose the Default User from the list and set a Default Password for Windows devices.
  4. Set the Request Modes: Email or Text/SMS, or both, and Enrolment Ownership: Corporate, Personal, Allow user to choose or Choose while enrolling.
  5. Click Save.

To create a new user,

  1. Head on to Management tab > Users.
  2. Click on New User.
  3. Enter the Display Name and Email address. Enable Send enrolment request to send the enrolment request immediately to the user.
  4. Click Save.

To send the enrolment request to a user,

  1. Go to Enrolment tab and click on New Enrolment.
  2. Choose the Domain and User and click Save.

An enrolment request will be sent via mail to the user, consisting of the Server name and QR code.
The Android devices can now be enrolled without authentication.

Enrolment with Authentication

Enrolment with authentication requires the server name and an authentication password. This password is randomly generated and can be used only once.

Note:

If the agent is removed from the device, but is still enrolled in the portal, a new enrolment request has to be sent to re-enroll the device.

To set up enrolment with authentication,

  1. Go to Admin tab > Enrolment from the side menu.
  2. Enable Enforce Authentication under Authentication Modes.
  3. By default, authentication enforcement via Enrolment Request and Self Enrolment are enabled for both Local and AD users.
  4. Set the Request Modes: Email or Text/SMS, or both, and Enrolment Ownership: Corporate, Personal, Allow user to choose or Choose while enrolling.
  5. Click Save.

To create a new user,

  1. Head on to Management tab > Users.
  2. Click on New User.
  3. Enter the Display Name and Email address. Enable Send enrollment request to send the enrollment request immediately to the user.
  4. Click Save.

To send the enrollment request to a user,

  1. Go to Enrollment tab and click on New Enrollment.
  2. Choose the Domain and User and click Save.

An enrollment request will be sent via mail to the user, consisting of the Server name,Password and QR code.
The Android devices can now be enrolled with authentication.

Self-Enrollment

ACTIVE DIRECTORY USER
Self-enrollment allows the user to directly enroll in Hexnode MDM if they already have their dedicated Active Directory credentials.
To configure Active Directory,

  1. Go to Admin tab and select Active Directory settings.
  2. Configure Active Directory Settings and enable Allow Self Enroll.
  3. Click Save.

Once the AD users are imported to the MDM console,

  1. Go to Management > Active Directory.
  2. Select the domain or OUs or groups.
  3. Click on Manage and select New Enrollment.

LOCAL USER
The admin creates a default user and a dedicated password manually or assigns a common password or individual passwords for the users and sends it to them as a bulk mail. The devices can be enrolled with these credentials.

  1. Head on to Management tab > Users.
  2. Create a new default user or choose an existing one and click on Manage > Change Password.

The Android devices can now be self-enrolled.

Bulk Enrollment

Hexnode MDM allows you to enroll devices in bulk. To do this,

  1. Go to Enrollment tab and select Bulk Enrollment.
  2. Choose a domain and upload the CSV file containing the fields name, email and ownership. All other fields – mobile, devicename, SerialNumber and platform – are optional. The ownership field can have the values personal, corporate or selectuser. selectuser allows the user to select ownership details while enrolling.
  3. Click Next. Hexnode MDM will automatically identify all fields if set as told in the above step. If not, map the keys manually.
  4. Click Next and then Confirm, and the enrollment email will be sent to all the users.
Pre-Enrollment

Pre-enrollment lets the administrator set up policies for devices even before the devices are enrolled in Hexnode MDM. The configurations/restrictions are automatically applied once the device is enrolled.
Pre-enrollment is setup along with Bulk Enrollment.

Install Hexnode MDM App to Android Device

Hexnode MDM Android app can be downloaded from Google Play.
When the installation is complete,

  1. Open the Hexnode MDM app and enter the server address into the field and tap Next. The server address will be <yourportalname>.hexnodemdm.com.
  2. The rest of the process differs with enrolment type.
    • If you are enrolling without authentication, you’ll be asked to activate device administration. Activate device administration.
    • If you are self-enrolling devices, you’ll need to provide your Active Directory or Local user credentials. Now, tap Next and activate Device Administration.
    • If you are enrolling devices using any other methods, provide the email address and the password obtained from the enrollment email. Tap Next and activate Device Administration.
    • Note:

      On Samsung SAFE devices, you should agree to the terms and conditions of Samsung’s privacy policy.

  3. When this is done and you tap on Enroll button, your device is all set to receive commands from the administrator.

Associate Kiosk Policy to Enrolled Devices

To turn your device into a Kiosk, you need to push the kiosk policy.

  1. Go to Policies tab.
  2. Click on New Policy and provide a name.
  3. Proceed to Kiosk Settings tab.
  4. Click on Configure button and set up your kiosk options.
  5. Go to Policy Targets tab.
  6. Click on + Add Devices, select the devices and click OK.
  7. Save the policy.

The policy will be automatically associated with the device.

Enable Kiosk Mode

In Android Marshmallow (6.0) and above, you’ll need to allow ‘Draw over apps’. To allow this,

  1. Go to Settings > App Settings > Configure Apps.
  2. Select Draw over apps.
  3. Select Hexnode MDM and turn on Permit drawing over other apps.
Note:

Skip this step in older Android versions.

When the policy is applied, Hexnode MDM will be launched and you’ll be asked to

  1. Enable usage access on some devices. If you don’t have an option to enable usage access, just ignore.
  2. Activate Kiosk. Tap on the prompt, select Hexnode Kiosk in the ‘complete action using’ popup and choose Always Select.
    Note:

    • After initial activation, all devices re-enter Kiosk mode without any prompts on the device.
    • Samsung Knox devices with Android v5.0+ and devices enrolled in Android for Work as Device Owner, enter Kiosk mode upon policy application without the prompt to Activate Kiosk.

Advanced Bulk Deployment Options

If you are into shipping, like, thousands of devices to several other industries, they won’t be willing to download Hexnode app and enter the server address on every device they have. In such a case, you can make the Hexnode MDM app as a system app, MDM pre-configured and kiosk mode pre-activated.
A system app will have access and permission to edit root directories and files, so you’ll have additional benefits.
You can either root the device and install the app to the system folder or make a custom ROM with Hexnode MDM app as the system app.

Additional Benefits

You will benefit from these additional features if you add Hexnode MDM as a system app.

  1. Silent app installation: Add Hexnode MDM to root or as a system app to enable silent app installation feature, even on non-SAFE devices.
  2. Non-removable MDM app: Add the app to /system/priv-app/ folder and unroot the device to make Hexnode MDM app non-removable.

Root the Device and make Hexnode MDM as a System App

Rooting lets Android users gain superuser access to their devices, unlocking the operating system to modify and customize different elements of the device. Hexnode MDM requires root access permission to gain the full privilege of a rooted device. Rooting the device still needs Hexnode MDM app to be installed on every device.

Make Hexnode MDM a System App before the Device is Turned On

Used by enterprises collaborating with OEM vendors, devices are manufactured with specially configured ROM, with all privileges and permissions granted to Hexnode MDM. Flashing a custom ROM makes Hexnode MDM a system app even before the device is turned on for the first time, and automatically enrolls the device in the MDM.

Disable Kiosk Mode

Disabling or exiting Kiosk mode can be done from the portal as well as from the device.

To disable Kiosk mode from the MDM console, the device needs to be connected to the Internet. You can either,

  • Disable Kiosk Mode from Management tab

    1. Choose the devices and click on Manage.
    2. Select Disable Kiosk Mode.

This method won’t remove the device from the Kiosk policy permanently. You can
Enable Kiosk Mode from Management tab > Manage itself.

In order to remove the devices from the Kiosk policy permanently, either

  • Remove the policy from the device

    1. Head to Management tab and choose the device.
    2. Continue onto Policies.
    3. Click on the trash icon near the policy name.
  • Remove the device from policy targets

    1. Go to Policies and click on the policy name.
    2. Continue onto Policy Targets.
    3. Click on the remove option near the device name.
  • Delete the policy, or

    1. Go to Policies tab.
    2. Select the policies, select Manage > Delete.
  • Disenroll the device from Management tab

    1. Choose the device and click on Manage.
    2. Select Disenroll Device.

If the devices are offline,

  • Tap the screen 10 times within 5 seconds and enter the Kiosk exit password. A default Kiosk exit passcode is mentioned in the portal.

    1. Head onto Admin tab > General Settings.
    2. The Exit Passcode is mentioned under KIOSK Global Settings.

    A Kiosk exit passcode can be set in the Kiosk policy as well, under Kiosk Exit Settings.

  • If you’ve set up an app with zero second auto launch delay, ensure that the Status bar is disabled and tap 10 times rapidly on the status bar at the top left area of the screen, to enter the Kiosk exit passcode.
    Exit manually from kiosk mode while an app is open should be enabled in the Kiosk Exit Settings of the Kiosk policy.

Major Kiosk Features

Hexnode Kiosk features are endless. Here’s a list of selected features that most of the industries are looking for. For a full list of features, see Hexnode Android Kiosk web page.

Kiosk Browser

The Hexnode Kiosk Browser enables secure multi-tabbed browsing, by restricting user access to URLs and web apps permitted by the enterprise alone. To enable the Kiosk browser in Kiosk mode,

  1. Head onto Policies tab > New Policy > Kiosk Settings.
  2. Select Single App Mode or Multi App Mode under Android Kiosk Mode.
  3. Whitelist all the apps that you need including web apps.
  4. Select Website Kiosk Settings, click Configure.
  5. Choose Hexnode Browser, single tab or multi-tab to browse the web apps and whitelisted URLs.
  6. You can choose to make the browse icon visible or not in the device.
  7. Go to Policy Targets and click on +Add devices and select the devices you want to assign the policies to. You can also assign the policy to users, groups or domains.
  8. Click Save.
Note:

  • If Another browser is chosen, the browser app needs to be installed on the device. Any URL, even if blacklisted, can still be opened with these browsers.
  • If no browser is enabled, the web pages can be viewed with Hexnode’s single-tabbed browser, Web view.
  • Hexnode Kiosk Browser is available on Android v4.1+.

When Multi-tabbed browsing is enabled, the Hexnode Kiosk browser will get downloaded to the device and ask to install. It will be installed silently only on Samsung Knox, LG GATE, Kyocera business phones, rooted Android devices, devices with Hexnode MDM as a system app and devices enrolled in Android for Work as Device Owner.

Hexnode Messenger

The Kiosk messenger module enables the admin to broadcast text messages to user devices, even while they are in Kiosk mode. The communication is unidirectional; from admin to user only.

  1. Head onto Policies tab > New Policy.
  2. Go to Kiosk Settings > Peripheral Settings and click Configure.
  3. Under the Messenger category, enable View messages sent by admin.
  4. Click Save.

Now, the broadcast messages can be sent to the enrolled devices via the Hexnode Messenger.

Update Enterprise Apps

Hexnode MDM makes it possible to update Enterprise apps setup in Kiosk, without taking them out of the Kiosk mode. You can either,

  1. Method 1:Replace the old APK file with the new one in the Hexnode app inventory.
  2. Method 2:Add the new app version in the kiosk whitelist.
  3. Method 3:Push the new app version via install application option (Only for devices supporting silent app installation)

Hide Apps

App icons can be hidden away, yet run the app in the background, with the Background Apps feature in Kiosk mode. This enables the enterprise to install an app in the device but restrict the user from tampering with it. Hidden apps can’t be set as a Default app.

Setup a Default Kiosk app

A default app can be set in Kiosk mode which would launch automatically as per the auto-launch period set in the policy and would run in the foreground at all times. You can access the other apps in multi-app Kiosk mode by pressing the back button and returning to the home page. The default app launches automatically when the device enters Kiosk mode or when the device stays idle for a set time. Setting up a default Kiosk app can be done in the Auto-Launch Settings.

Reporting

Hexnode MDM stores the device, user, application and audit data, which can be accessed from the Reports tab. Choose any report, click on Export and select the file format – PDF or CSV, for it to be saved to your computer.

Android kiosk mode complete guide - Reporting

Peripheral Settings

From Wi-Fi and Bluetooth configurations to Display and App settings, Peripheral Settings include a broad range of peripheral controls for the devices in Android Kiosk mode. For a detailed description of the configurations, refer the Peripheral Settings document.

  •  
  •  
  •  
  •  
  •  

Was this article helpful?

Related Articles

Leave a Comment