Category filter

Configure Multi App Kiosk on Linux devices

This document will guide you in configuring multi app kiosk on Linux devices.

Organizations may often need to deploy devices in environments where access needs to be limited to a specific set of applications, like for information kiosks, or customer service terminals. In such cases, letting users access the full device can lead to security risks, or accidental system changes. For instance, in a customer-centric multi-app kiosk, the user needs access only to a set of approved applications, such as the organization’s core app and supporting tools, not to system settings or terminal tools. The Multi App Kiosk for Linux helps IT administrators to remotely enforce kiosk settings on Linux endpoints, ensuring that only the specified applications run on the device.

Note:


The Linux multi app kiosk mode only supports GUI (desktop) applications. Terminal-based and background applications, which lack a graphical user interface, are not supported.

Configure Multi App Kiosk

Prerequisites:


Before associating the kiosk policy,

  • A local user account must be created on the Linux device to configure as the kiosk account.
  • The applications to be added to kiosk mode must be installed on the device.

To configure multi app kiosk mode on Linux,

  1. Login to your Hexnode UEM console.
  2. Navigate to the Policies tab.
  3. Click on New Policy to create a new policy or select an existing policy. Provide the name and description (optional) for the policy.
  4. Navigate to Kiosk Lockdown > Linux Kiosk Lockdown > Multi App.
  5. Click on Configure.

    Configuring the Linux multi app kiosk policy on Hexnode UEM portal.

    Upon clicking Configure, you will see the following options:

    • Kiosk Account Name: Provide the username for the account that will be configured as the kiosk account.
    • Click on the plus (+) sign to add the desired applications to the kiosk. Select the applications from the list of available options.
    • Next, you can configure Advanced Kiosk Settings:
      • Auto Login: When enabled, the device will automatically log in to the kiosk account without prompting for credentials.
        Note:


        If multiple desktop sessions are available for the user, the device will log in to the default session automatically.

  6. Click on Policy Targets and associate the policy with the target device(s).

How to associate the policy with devices?

If you haven’t saved the policy yet,

  1. Navigate to Policy Targets.
  2. Click on + Add Devices, search and select the required devices to which you need to apply the policy and click OK.
  3. Click on Save to apply the policies to the devices.

To associate the policies with a device group, select Device Groups from the left pane under Policy Targets, and follow the above instructions. Similarly, you can associate the policy with Users, User Groups, or Domains/OUs from the same pane.

If you’ve already saved the policy,

  1. Select the required policy, click on Manage and select Associate Targets.
  2. Select Device/ User/ Device Group/ User Group/ Domain/OUs.
  3. Search and select the devices/ users/ device groups/ user groups/ domains/OUs to which you need to apply the policy and click Associate.

What happens at the device end?

Upon login, only the Filelight and Firefox applications are available to the user as specified in the kiosk policy. All other system features, settings, and applications are restricted.

Linux device in multi app kiosk mode.

Kiosk Lockdown of Devices