Setting up the Android shared-kiosk mode

Samsung Kiosk mode is deprecated in Android 8.1 and above. You must implement Android kiosk mode instead.

For task-worker deployments, companies may offer dedicated Android devices that are customized for a specific user role. Depending on a user's profile, different apps and configurations may be presented on a device. For example, a user in a technical role may have a specific set of apps presented for their use, while another user in a maintenance role may have access to a different set of apps.

The Android shared-kiosk mode acts as an app filter for different groups of users who share devices. A user who is logged in to the shared kiosk is only able to view the apps appropriate for their role. One of the main advantages to the shared-kiosk mode is that you can allow individual user groups access to different sets of apps from the same device. When a user logs out of an Android shared kiosk, their apps and user data, including history, are cleared from the display of the next user who logs onto the device. The shared kiosk requires connectivity to the Ivanti EPMM for the user login and logout actions to take effect. In addition, the shared kiosk is only available to Android Enterprise deployments with Managed Google Play accounts.

Figure 1. Task workers in Android shared kiosk mode

The shared kiosk requires two types of users, a staging user and a shared kiosk user, and at least two policies that correspond to these users. The staging user is used to prompt the login screen to appear on a shared device. In effect, the staging user is the logged out device owner (default owner) when a shared user is not logged into the device. Also, the staging user is a special type of admin user who allows other users to login to the actual kiosk device. After the shared kiosk user logs in successfully, then the staging policy is replaced by a shared kiosk policy. The kiosk user has access to the apps installed on the device according to the policy assigned to it. Although you can create multiple shared kiosk policies, there is only one kiosk policy active on a kiosk device at a time. When the kiosk user logs out of the shared kiosk, the device reverts to the staging user and, consequently, the staging policy.

Since the staging user only has the ability to access the login page, you need to a create staging policy that is dedicated to this user. In contrast, the shared kiosk users are able to access the set of apps that you define in their policy. (Naturally, you also need to install the permitted apps on the shared kiosk devices.) The shared kiosk policy allows you to create a filter of permitted apps from all of the apps you have installed previously. You cannot directly upload apps into an Android-shared-kiosk-mode policy. Often you want to dedicate a shared-kiosk-mode policy to a type of shared kiosk user, or user group, depending on your organization. For example, a company may have day-shift and night-shift employees that have different roles and require access to separate sets of apps. In this case, you need to create a day-shift policy and a night-shift policy.

Android shared kiosk only supports work-managed devices.