Category filter

How to configure iOS Web app kiosk?

Web apps are shortcuts to specific URLs. The URL can be that of a website, file or location. Administrators can configure Web app kiosks on iOS devices to restrict the end-users to a few approved web apps. The users will be able to access only the web apps added by the admin.

In Hexnode, web pages can be provisioned in kiosk mode using the web app kiosk policy. The websites added as web apps in the device can be opened in Safari or the Hexnode Browser Lite. Hexnode Browser Lite can also ensure unrestricted access to the approved external links within the web apps.

Notes:

This feature only works on supervised devices running iOS 9.3 or later.

Add web app into the app inventory

To add web apps into the app inventory:

  1. Log in to your Hexnode UEM console and navigate to the Apps tab.
  2. Click on +Add Apps and choose the “Web App” option from the dropdown list.
  3. Assign a suitable name, URL, and app icon for the web app and select a category for the same. Tap on Add.
  4. Adding iOS web apps in Hexnode for locking it in kiosk mode

Notes:

  • To ensure that your app icons are clearly visible on the device and the Hexnode UEM portal, use square-shaped images with device-specific dimensions.
  • For specific websites, device and user info can be passed along with the URL to iOS devices. Include wildcards in the URL in the format: “myURL”/“wildcard”.
    e.g.: “myURL”/% devicename%/%imei%/%serialnumber%.

    This exempts the IT administrator from configuring individual web apps specific to each device or user.

  • The end-user will be able to access all the paths of the whitelisted sites. For instance, if the site https://www.hexnode.com is whitelisted in the web kiosk, the user can access https://www.hexnode.com/forums/, https://www.hexnode.com/blogs/, etc.

Web apps URL format:

The following are the supported URL formats for web apps that can be added in Hexnode web app kiosk mode,

  • Website: https://url/ or http://url/
  • PDF: https://url/ or http://url/
  • Location: http://maps.apple.com/?applemapsparameters/
  • YouTube: https://youtubeurl/
  • iTunes: itms-apps://itunes url with app id/ (For example, itms-apps://itunes.apple.com/app/id1105383443)
  • FTP: ftp://url/
  • Shared documents: shareddocuments://url/

Create a web app kiosk policy

To restrict the target devices to a set of whitelisted websites,

  1. Go to the Policies tab and create a New Policy or choose to continue with an existing policy. Assign a suitable name and description for the policy if you are creating a new one.
  2. Under Kiosk Lockdown > iOS Kiosk Lockdown, choose the “Web App” option. Tap on Configure.

Open the web app using Safari in kiosk lockdown mode


To open the iOS web apps in kiosk mode using Safari,

  1. Select Safari from the “Web App Kiosk” policy.
  2. Click on the + icon and select the desired web apps.
  3. Click on Done.

The websites added as web apps in the iOS kiosk mode can be accessed using Safari. These web apps will appear as bookmarks in the browser.

Open web app using Hexnode Browser Lite in kiosk lockdown mode

Hexnode Browser Lite is a single-tabbed browser that provides access to the websites added as web apps in the kiosk mode. Hexnode Browser Lite can be used to access web apps in single and multi-web app kiosk policy.

To open a single web app using Hexnode Browser Lite,

  1. Choose Hexnode Browser Lite > Single web app kiosk in the “Web App Kiosk” policy.
  2. Click on the + icon to select the web app.
  3. To access an external link within the web app, add the link in the Whitelist websites field. The user will be blocked from accessing anything other than the whitelisted links.

To open multiple web apps using Hexnode Browser Lite,

  1. Choose Hexnode Browser Lite > Multi web app kiosk in the “Web App Kiosk” policy.
  2. Choose the device layout as either iPhone or iPad. The apps that you configure in iPhone will get automatically selected in iPad as well and vice versa, but not the wallpaper.
  3. Click on the + icon to select the web apps to be set in kiosk mode and click Done.
  4. Click on the Select Wallpaper icon to set a custom wallpaper.
  5. Click on Choose file to upload a PNG file and select the image. You can directly select the image if you have already uploaded the file in Hexnode UEM.
  6. Click on Save.
  7. Add the URLs to be whitelisted in the Whitelist websites section. The users can access only these whitelisted external links within the web app. All other websites will be blocked on the device. Hexnode supports the use of ‘*’ wildcard while specifying the allowlist website URLs.

Configuring ‘*’ wildcard in URLs for allowlisting websites

The wildcard * is a placeholder that matches any number, sequence, or string of characters. When * wildcard is used within a URL, the Hexnode Browser considers the domain, subdomain, subdirectory, or other URL elements as separate entities. The URLs are then allowlisted accordingly.

For example, for this URL https://en.wikipedia.org/wiki/, if you add an * in place of ‘en’ https://*.wikipedia.org/wiki/, it will allow all subdomains of wikipedia.org (e.g., en.wikipedia.org, fr.wikipedia.org, etc.). All other URLs will be blocked.

Allowlist websites using the asterisk wildcard

If you place the asterisk symbol at the end of the URL, for example https://www.hexnode.com/blogs/*, it will allow the following subpaths, https://www.hexnode.com/blogs/,
https://www.hexnode.com/blogs/?tab=how-tos. But it will block URLs of the format https://www.hexnode.com/forums/.

If you place the asterisk symbol in the middle of the URL, for example, https://www.*.com, it will block all the domains.

Disable web app kiosk configured with Hexnode Browser Lite

Method 1: Disabling web app kiosk mode via remote actions

To disable the web app kiosk mode on device(s),

  1. Log in to your Hexnode UEM portal.
  2. Navigate to the Manage tab and select the device(s) for which you want to disable kiosk mode.
  3. Click on the Actions button and select Disable Kiosk Mode from the drop-down menu.

Alternatively, you can release an individual device from web app kiosk mode via remote actions,

  1. Log in to your Hexnode UEM portal.
  2. Navigate to the Manage tab and click on the name of the device that you want to remove from kiosk mode.
  3. Click on the Actions button and select Disable Kiosk Mode from the drop-down menu.
  4. Disabling web app kiosk using remote action from the target device

Method 2: Removing iOS devices from web app kiosk policy

To remove an iOS device(s) from a web app kiosk policy,

  1. Log in to your Hexnode UEM portal.
  2. Navigate to the Policies tab and select the web app kiosk policy that is currently applied to the device.
  3. Go to Policy Targets and click on remove to remove the corresponding device from the policy.
  4. Save the policy.

Alternatively, you can release individual device from web app kiosk mode by removing the web app kiosk policy,

  1. Log in to your Hexnode UEM portal.
  2. Navigate to the Manage tab and click on the name of the device that you want to remove from kiosk mode.
  3. On the Device Summary page, click on the Policies sub-tab.
  4. From the policy list, delete the web app kiosk policy associated with the device by clicking on the trash icon.
  5. Kiosk policy is removed from the device from Policies sub-tab

Method 3: Archiving the web app kiosk policy

To remove kiosk mode from all devices by archiving the web app kiosk policy,

  1. Log in to your Hexnode UEM portal.
  2. Navigate to the Policies tab.
  3. Click on the archive icon corresponding to the web app kiosk policy that you want to archive. Or select the policy and click Manage > Move to Archive.

Method 4: Manually exit web app kiosk mode from the device

To manually exit the web app kiosk mode, click on the vertical ellipsis button in the top right corner of the screen, then click on the Exit Kiosk option and enter the global or local exit passcode to exit the web app kiosk mode.
Exiting web app kiosk manually from the iOS device

To configure the kiosk exit passcode,

  1. Log in to your Hexnode UEM portal.
  2. Navigate to Policies > New Policy. Assign a suitable name and description (optional) for the policy. You can also choose to continue with an existing policy.
  3. Go to Kiosk Lockdown > iOS Kiosk Lockdown > Advanced Website Kiosk Settings.
  4. Click on Configure.
  5. Under Kiosk Exit Settings, check the option Manually exit kiosk mode.
  6. The Kiosk exit passcode field will be pre-filled with the Global Exit Passcode. You can either choose to use the Global Exit Passcode as the kiosk exit passcode or change it to a new passcode as per your requirement.
  7. Proceed to Policy Targets and select Devices, Device Groups, Users, User Groups, or Domains.
  8. Click on Save.

Enable web app kiosk configured with Hexnode browser lite

If a web app kiosk mode is disabled either from the portal or from the device, follow the steps below to re-enable the kiosk mode:

Method 1: Enable kiosk from the device end

To enable web app kiosk with Hexnode browser lite from the device,

  1. Open Hexnode UEM application on your device.
  2. On the Home page you can find the option Web App Kiosk Mode.
  3. Click on Enable Kiosk to activate Web App Kiosk Mode with Hexnode Browser Lite.

Home page on Hexnode UEM application showing Web App Kiosk Mode

Method 2: Enable kiosk from the portal

To enable the web app kiosk mode with Hexnode browser lite from the Hexnode UEM portal,

  1. Navigate to the Manage Tab and select the Devices/Device Groups/Users/User Groups for which kiosk mode is to be enabled.
  2. Click on Actions and select Enable Kiosk Mode.
  3. Enter the technician password and click on Confirm.

Alternatively, you can select an individual device to enable web app kiosk mode on Hexnode UEM portal via remote actions,
Enabling web app kiosk using remote actions on the Hexnode portal

To enable web app kiosk mode for a device,

  1. Navigate to the Manage Tab and select the desired device for which kiosk is to be enabled.
  2. Click on Actions and select Enable Kiosk Mode.
  3. Enter the technician password and click on Confirm.

Configuring Advanced Kiosk Settings

Hexnode provides a set of advanced kiosk settings that can be pushed to devices as per requirement. These advanced settings are only applicable on devices running iOS 9.0 and above.

Advanced Kiosk Settings
Category Settings Description
Kiosk Settings
Touch This option, when unchecked, would disable the touch screen on the device. However, Assistive touch will not be disabled.
Device rotation This option, when disabled, would prevent screen rotation on the device.
Volume buttons This option, when disabled, would prevent the users from altering the device volume.
Ringer switch This option, when unchecked, would disable the ringer switch.
Sleep wake button This option, when unchecked, would disable the sleep/wake button on the device.
Auto lock This option, when disabled, will not let the device go to sleep automatically after an idle period.
VoiceOver Enabling this option would turn on VoiceOver functionality on the device.
Zoom Enabling this option would turn on Zoom on the device.
invert colors Enabling this option would turn on the Invert colors option on the device.
AssistiveTouch If enabled, AssistiveTouch is turned on.
speak selection Enabling this option would turn on Speak Selection option on the device.
Voice Control For iOS 13.0+ devices, this option when checked, will enable Voice Control feature that can help control the device using voice.
Mono Audio This option, when checked, will enable Mono Audio which combines stereo audio from both speakers into a single channel. Enabling Mono Audio will disable spatial audio on the device.
User Enabled Options
VoiceOver Enabling this option would allow VoiceOver adjustments.
Zoom Checking this option will allow the user to manually enable/disable the Zoom option.
Invert colors Enabling this option would allow the users to activate or deactivate Dark mode on the device.
AssistiveTouch Enabling this option would allow AssistiveTouch adjustments.
Voice Control For iOS 13.0+ devices, this option when checked, users can enable/disable Voice Control in the device.



Use Advanced Website Kiosk Settings to configure additional customizations for the Hexnode Browser Lite.
Notes:

  • iTunes music file links created using iTunes Link Maker can be opened in Web app kiosk mode using Safari browser only.
  • FTP site links added as Web Apps can only be accessed using Safari on the Web app kiosk mode.

Associate policy with target entities in Hexnode UEM

If the policy has not yet been saved,

  1. Navigate to Policy Targets.
  2. Click on +Add Devices.
  3. Select the devices and click OK.
  4. Hit on the Save to apply the policies to devices.

If the policy has been saved,

  1. From Policies, check the policies to be associated.
  2. Click on Manage > Associate Targets and select the device.
  3. Click on Associate to apply the policy to the devices.

Apart from devices, you can also associate the policies with device groups, users, user groups, and domains from Policy Targets.

Notes:

  • If ‘Camera & Microphone access permission’ is disabled for the Hexnode UEM app on the device settings, the user will not be able to access the camera/microphone on the web-app kiosk configured with Hexnode Browser Lite.
  • While in kiosk mode, users cannot forcefully grant Camera & Microphone access permission for the Hexnode UEM app. This permission must be turned-on to upload images/files from the device’s photo library. If otherwise, the device must be exited from the kiosk for the user to change the permission settings on the device manually.

  • Kiosk Lockdown of Devices