Category filter
Configure Multi App Kiosk on Linux devices
This document will guide you in configuring multi app kiosk on Linux devices.
Organizations may often need to deploy devices in environments where access needs to be limited to a specific set of applications, like for information kiosks, or customer service terminals. In such cases, letting users access the full device can lead to security risks, or accidental system changes. For instance, in a customer-centric multi-app kiosk, the user needs access only to a set of approved applications, such as the organization’s dedicated app and supporting tools, not to system settings or terminal tools. The Multi App Kiosk for Linux helps IT administrators to remotely enforce kiosk settings on Linux endpoints, ensuring that only the specified applications run on the device.
- The Linux multi app kiosk mode only supports GUI (desktop) applications. Terminal-based and background applications, that lack a graphical user interface, are not supported.
- Linux devices continue to display all notifications even during kiosk mode. On GNOME, KDE, XFCE, and Cinnamon desktop environments, low-priority notifications can be hidden, but critical ones will still appear and may allow user interaction with restricted apps or features. On MATE desktop environment, all notifications, whether from system or applications, will appear as they cannot be restricted or hidden.
- Applications added in kiosk mode appear as app shortcuts on the desktop, which can be manually deleted by the user. If a shortcut is removed, the user can restore it by logging out and then logging back into the kiosk account.
Execute Linux Multi App Kiosk Policy
Before associating the kiosk policy,
- A local user account must be created on the Linux device to configure as the kiosk account.
- The applications to be added to kiosk mode must be installed on the device.
To configure multi app kiosk mode on Linux,
- Login to your Hexnode UEM console.
- Navigate to the Policies tab.
- Click on New Policy to create a new policy or select an existing policy. Provide the name and description (optional) for the policy.
- Navigate to Kiosk Lockdown > Linux Kiosk Lockdown > Multi App.
- Click on Configure.
Upon clicking Configure, you will see the following options:
- Kiosk Account Name: Provide the username for the account that will be configured as the kiosk account.
- Click on the plus (+) sign to add the desired applications to the kiosk. Select the applications from the list of available options.
- Next, you can configure Advanced Kiosk Settings:
- Auto Login: When enabled, the device will automatically log in to the kiosk account without prompting for credentials.
Note:
If multiple desktop sessions are available for the user, the device will log in to the default session automatically.
- Auto Login: When enabled, the device will automatically log in to the kiosk account without prompting for credentials.
- Click on Policy Targets and associate the policy with the target device(s).
How to associate the policy with devices?
If you haven’t saved the policy yet,
- Navigate to Policy Targets.
- Click on + Add Devices, search and select the required devices to which you need to apply the policy and click OK.
- Click on Save to apply the policies to the devices.
To associate the policies with a device group, select Device Groups from the left pane under Policy Targets, and follow the above instructions. Similarly, you can associate the policy with Users, User Groups, or Domains/OUs from the same pane.
If you’ve already saved the policy,
- Select the required policy, click on Manage and select Associate Targets.
- Select Device/ User/ Device Group/ User Group/ Domain/OUs.
- Search and select the devices/ users/ device groups/ user groups/ domains/OUs to which you need to apply the policy and click Associate.
What happens at the device end?
Upon login, only the Filelight and Firefox applications are available to the user as specified in the kiosk policy. All other system features, settings, and applications are restricted.
