ProKiosk mode features

Enable ProKiosk Mode to restrict a portion of a device's functionality to just a specific set of targeted applications. ProKiosk Mode is Samsung's advanced solution for transforming Samsung off-the-shelf devices into purpose-built appliances. ProKiosk Mode can restrict device operations to a single specific application or group of applications and limits unwanted device activity.

Users cannot access the Settings menu on a business kiosk device. Kiosk devices can optionally hide system notifications from users.

Profile information

The following sections describe how to uniquely configure a profile for devices deployed as a stationary kiosk. For information on updating and replacing an existing device profile, go to: Updating an existing device profile.

A ProKiosk mode device remains in its ProKiosk state even after the device's profile is unassigned. Previously, when a profile was unassigned the user needed to factory reset the device using the Knox Configure Settings menu and device keys.

The Knox Configure portal does not support these special characters (# / $ * % ^ & \ ( ) + ? { } [ ]). Ensure they are not utilized when inputting characters during Kiosk profile creation.

General information

Set the following general information to define the Knox version utilized with the ProKiosk profile:

• Select one of the following Device level settings to ensure the profile is correctly supporting a Knox or non-Knox Samsung device:

  • Secured by Knox devices — Select this option if the devices receiving this profile utilize Knox. Once selected, refer to the Knox version drop-down menu and select the version of Knox currently residing on the devices receiving this profile.
  • Other Samsung devices — Select this option if deploying Samsung devices that do not utilize Knox. When this option is selected, the Knox version drop-down menu is no longer available. The remainder of the profile configuration screen flow closely resembles the screen flow of Knox enabled devices. The KDA enrollment of Other Samsung devices is not supported. ProKiosk devices do not support Other Samsung devices.
• Knox version — Use the drop-down menu to correctly select the version number. Ensure this setting is accurate, as newer Knox versions have the latest feature set available. To find the version number on the device, go to Settings > About device > Software info. The Knox version is not required if Other Samsung devices is selected as the Device level setting.

Profile

Set the following information for a ProKiosk profile to help differentiate it from other profiles with similar configuration attributes:

• Profile name — Enter a unique profile name that has not already been used by an existing profile in your organization.
• Profile description — This field is an optional means of providing a more detailed profile description.

Enrollment screen

Set the following enrollment screen information displayed on the device during enrollment. Required settings have asterisks appended to them.

• Company name
• Address 1
• Address 2
• City
• State
• Country
• Zip code

Support contact details

Provide a Phone number and Email for device users to reach out for support when encountering issues with their mobile device. You can also add a link to your enterprise's Website.

Device enrollment

Configure the following settings displayed within the device enrollment screen flow. If you choose not to customize the screens, the default Knox Configure enrollment screens and logos are used.

1. Set the following Welcome screen settings:

   • Skip welcome screen — Select this option to bypass a welcome screen within the device enrollment screen flow. If the welcome screen is skipped by selecting this option, it still displays on devices enrolled using the Knox Deployment App (KDA).
   • Customize welcome screen text — Select this option to display a welcome message, up to a maximum of 400 characters. You can review the welcome message as it's being composed in the PREVIEW area on the right-hand side of the screen.
   • Hide support link — Select this option to remove the support link from the enrollment welcome screen.

2. Set the following Agreements:

   • Skip Samsung Knox Privacy Policy — Select this option to accept to the Samsung Knox Privacy Policy on behalf of the user and skip it during the enrollment flow. Even if the agreement portion of the enrollment flow is skipped, any apps that require device admin or device owner permissions will still present the device user with EULAs.
   • Add additional Terms & Conditions and/or Privacy Policy — Select this option to define an additional agreement Title and agreement message Body. The additional agreement displays within the PREVIEW area as a checkbox that also must be accepted to proceed with enrollment.

3. Configure the following enrollment screen flow Branding elements:

   • Background fill — Use the drop-down menu to define the enrollment screen flow background color. Optionally select Upload image to select artwork for the background. The background image cannot exceed 2 MB.
   • Logo — Select a logo for preferred branding within the enrollment screen flow. The logo image cannot exceed 1 MB, and should have a 1:1 aspect ration for optimal fit within the enrollment screen flow.
4. Set the enrollment screen flow Foreground alignment to either Top, Center, or Bottom. Use the PREVIEW field as needed to assess how the enrollment screen content is aligned within each subsequent screen in the flow.

Enrollment preferences

Enable or disable the following preferences to determine whether device end users can cancel enrollment and skip the setup wizard:

• Run the Setup Wizard and prevent end users from canceling enrollment — Select this option to prohibit the device end user from cancelling enrollment and ensure the setup wizard in invoked.
• Allow end users to cancel enrollment — Select this option to display a Cancel button on the lower left-hand side of the welcome screen and provide device users with an option to cancel the enrollment screen flow.
• Skip Setup Wizard and enable FRP Bypass — Select this option to bypass the setup wizard and prevent the device from being locked to a private Google account due to Factory Reset Protection (FRP).

QR code for enrollment

You can generate a QR code that can be used to enroll devices with the profile after the device has been set up. To generate a QR code, click ADD QR CODE.

By default, QR code enrollment is only be enabled for devices uploaded by a reseller. You can bypass this by selecting Also allow QR code enrollment for devices not uploaded by a reseller. However, this will allow anyone with access to the QR code to enroll their device.

If you want the QR code to automatically configure a Wi-Fi network for the device, select Add Wi-Fi network configuration to QR code and add the network SSID Name, Security type, and Password (if applicable).

Accessory for enrollment

You can also choose to enroll devices by connecting an accessory after the device has been set up. For details on how to set up accessory enrollment, see Knox Configure Accessories.

Knox deployment application settings

Select a License to use with the Knox Deployment App (KDA). The license will be used to assign devices uploaded using the KDA and QR code enrollment.

The KDA provides a flexible option for IT admins needing to bulk enroll devices without a reseller. Using this app, you can reduce your bulk deployment time by using a primary device without factory resetting each device. Once they're enrolled, you can easily locate devices in the KC console.

If a license is not selected here, this profile will not display as an option in the KDA or work with QR code-based enrollment. Only one license can be selected. If the current license is consumed or expired, an admin will need to assign another license.

If there are no available licenses in the License list, select the Enter License Key option to add a new license. On the Enter license key screen, provide a License name and License key, then click ADD. The newly-created license is then available in the License list.

Product information screen

Customize the product information screen in the Configuration service:

• Product Name — Enter the product name displayed in the product information screen. If left blank, the name of the profile is used by default.
• Image — Upload a custom image to display in the product information screen. If you don't add an image, the default generic image is shown. The image size can be PNG or JPG format and can't exceed 2 MB in size.

Optionally, configure an additional way for the device user to open the Configuration service:

• Add a non-dismissible notification — Select this option to add a persistent notification that the device user can tap to quickly access the Configuration service.

  • Application name — Enter the application name shown in the notification.
  • Notification message — Enter the message shown in the notification.

Applications and widgets

Accessing the Library

Launch your KC console by clicking on the Knox Configure tile after signing into samsungknox.com. From the left-hand menu, choose Library.

From here, you can manage your applications which can be used within your profiles. To add a new app, click on the ADD MOBILE APPLICATION button.

There are two types of applications which can be added for mobile devices:

• Your own APK file
• A Google Play shortcut

When uploading your APK file, choose the proper file from your PC, and add a description (optional).

You can also check off Activate Knox license, however, only a custom SDK/custom SDK (KLM) license can be used for application activation. You can request these keys from your license reseller. Once received, the key and application must be registered on KPP before use. The application will be downloaded on the device during configuration if a license is selected.

If you select ADD FROM GOOGLE PLAY instead, you need to provide a direct address to the Play Store app and an optional description. You can add as many apps as needed.

When an uploaded app is selected, you can choose from various options to manage it under the ACTIONS button, such as deleting the app. Also, when an app is clicked, you will see a popup with basic information about it and all the uploaded versions.

If you want to add an application for your wearable device, the process is similar. Move to the WEARABLE APPS section and select ADD WEARABLE APPLICATION.

Like with mobile apps, there are two types of applications which can be added for wearable devices:

• Your own TKP or WGT file
• A Galaxy Store shortcut

In order to upload your own app, browse for the proper TPK or WGT file on your PC, provide a name for it and an optional description. If this is a watch face app, mark it properly.

If you select the ADD FROM GALAXY STORE option, you need to provide a Tizen package ID, such as org.tizen.message or org.tizen.call. Ensure you enter the package ID, not the application ID. Also, provide an app name, version and optional description. If this is watch face app, mark it properly.

App management in KC profiles

After adding profile information, you can add apps and widgets to your profile. Click ADD APPLICATIONS TO PROFILE to continue.

You can choose from apps already uploaded to your library or add a new one. To add a new app, follow the instructions outlined in the previous Library section.

When your uploaded app has more than one version, you can choose which one to be added to your profile.

Home screen & lock screen

Home activity

An IT admin can define a specific application as a kiosk's home activity, or place the device in Multi-App Kiosk mode.

To set the home activity:

Select either of the following Home activity options:

• Multi-App Kiosk mode — Select this option to use multiple preset applications in the kiosk. For more information on setting the Home activity to Multi-App Kiosk mode, go to: Multi-App Kiosk mode.
• Pre-installed application — Select this option to download applications during device configuration. For more information on setting the Home activity to the pre-installed application option, go to: Pre-installed application.

Multi-App Kiosk mode

1. Select the Multi-App Kiosk mode option from the Home activity drop-down menu. The screen populates with additional Home screen wallpaper and Add to Multi-App Kiosk home fields unique to this mode.

   

2. Select the Home screen wallpaper to upload the background image for the Multi-App Kiosk home wallpaper. The image must be in either .JPG or .PNG formats and cannot exceed 1 MB. The recommended image resolution is 1920 x 1080 pixels or higher to properly fit the Multi-App Kiosk homescreen. Once selected the preview image populates to the preview screen.
3. Select any of the anchors (+) on the preview image to launch the Add to Multi-App Kiosk home screen. Provide the following information to place an icon on the selected anchor. When finished, select Submit to place the icon on the home screen's selected anchor.
   

• Type — Select whether you want to add an app, web bookmark, folder, or content (PDFs, videos, or images).

• For Web bookmarks, provide:

  • Bookmark name — Enter a name for the bookmark icon that distinguishes it from others added to the home screen.
  • URL — Provide an accurate URL path to the location of the home page bookmark icon. Make sure the URL path starts with http://, http:// or ftp://.
  • Icon — Choose Select and navigate to the location of the intended home screen icon.

• For Folders, provide:

  • Folder name — Enter a name of the folder that distinguishes it from others on the home screen.
  • Applications, Content, and Web bookmarks — Add items to the folder. You also drag and drop items after the folder has been created.

• For Applications, provide:

  • Select application — Select from a list of pre-installed apps, or choose a different app.
  • Package name — Enter a valid package name.

• For Content (PDFs, videos, or images), provide:

  • Content — Browse for and upload a content file.
  • Content name — Enter a name for your file. This field can contain a maximum of 20 characters. If you don't enter a name, the original file name is used.

Pre-installed application

1. Select + Use a different pre-installed application from the Home activity menu.
2. In the Package Name field, enter a valid package name. The device's home activity requires at least one application, so the selection of an application is required.
3. Click Submit. Once submitted, the provided application is available for selection from the Home activity menu.

Display notification messages

Define whether the following notifications are displayed on a kiosk using this profile:

• ALL — Displays all the notifications listed below.
• Hide low battery notifications — Hide the status bar message, LED light, and other low-battery related notifications.
• Hide full battery notifications — Hide the status bar message, LED light, and other fully charged related battery notifications.
• Hide Nitz set time Notification — This option hides the warning message that normally displays when the device fails to retrieve date and time information from the network. The Nitz set time notification only appears on devices that have enabled the Automatic date and time and Automatic time zone options.

Status bar

Set the following status display options for the kiosk supported profile:

• Hide status bar — Show or hide the status bar when the device is in ProKiosk Mode.
• Hide clock — Hide the clock display on the status bar when the device is in ProKiosk Mode.
• Hide system icons — Hide the display of the notification icons on the status bar when the device is in ProKiosk Mode.
• Prevent the input method from being changed — Select this option to prevent the status input method from being changed by the device user.

Enter and Exit Professional Kiosk Mode UI

When the user long presses the power button, a screen containing the option to switch off ProKiosk Mode displays. The default text is "In sealed mode."

You can customize the screen in various ways:

• ProKiosk Mode option — Provide your own label for ProKiosk Mode utilized by this profile.
• ProKiosk Mode on/off — Provide your own label for the option to turn ProKiosk Mode on and off for this profile.
• Enter and exit passcode — End users enter this passcode to enter or exit ProKiosk Mode on their device. This passcode must have a minimum of 4 characters and is a required field.

Lock Screen

Under Lock Screen, you can choose to hide the Time, Date, Owner information, Help text, Battery information and Shortcut widgets. You can preview your changes on the right.

Lock screen wallpaper

Upload an image to use as the lock screen wallpaper. The device wallpaper is displayed before the user correctly enters the device's passcode and unlocks it.

Additional Home & lock screen settings (Knox 3.4 and above devices only)

Home screen notifications

Select Home screen, then select On or Off to toggle notification details when a device user selects and holds an app on the home screen of a device running Knox 3.4 or above. Once configured, use the Allow user to change setting option to Allow Home screen device user changes, Do not allow user changes or Do not allow and hide setting from user.

Sound & display

Sound

Set the following kiosk profile's sound settings for deployed devices:

• Set audio level — Set the volume level of the specified stream (Media, Notifications, System, Ringtone).
• Device speaker — Set the device speaker to play all available sounds. Even if the user connects their device using an audio jack, each sound is still played through the phone or tablet's speakers.
• Ringtone — Set the ringtone or notification tone to a specified audio file. The ringtone option is not supported on devices running Knox 3.0 or later.

Display

• Set screen auto rotation to OFF — Enable or disable the auto-rotate feature of the device. You could also specify the rotational angle (e.g. 0°, 90°, 180°, 270°). Note that this feature is only available on devices running Android 8 or lower.
• Remove swipe lock screen — Remove the swipe lock screen from the device. The device will wake with the launcher or previous screen when the power key is pressed, and remain unlocked even if the power key is pressed again or the screen turns off. This feature is only supported on devices running Android 9 and higher, if Knox version in Profile information is set to Knox 3.4 and above.
• Remove lock screen — Remove the lock screen from the device. Pressing the power or home button will turn the screen on and unlock the device. This feature is only supported on devices running Android 8.1 and lower.
• Set screen timeout (seconds) — Specify the inactivity period that must be exceeded to timeout the device screen. Note that this feature is only available on devices running Android 8 or lower.
• Screen always on when plugged in — Enable the screen to stay on when the device is connected to a power source.

Custom booting and shutdown animation

Administrators can customize boot animation by uploading images and setting the desired image orientation, dithering and size. Once created and uploaded, an admin can preview and verify the animation before assigning it to devices. When added into the console, the animation as a .qmg file for profile assignment.

Once verified, an admin can create a profile with relevant settings and add the animation file. The admin can then push the profile to specific assigned devices and verify the devices are configured properly with the animation file. For more information on creating and implementing custom animation, go to: Custom animation creation.

• Clear a custom booting and shutdown animation — Removes an existing device boot or shutdown animation from enrolled devices.

• Set a custom booting animation — Provide Animation, Loop, and Sound files played when the device is powered on. The Loop file plays continuously until the device has completed its boot process.

  • Animation file — the animation file plays right after the "Powered by Android" screen.
  • Loop file — It plays repeatedly until device has completed boot process (after the animation file is finished).
  • Sound file — Submit an .ogg file played alongside the .qmg file. This file should be below 48 kHz. If your animation is silent, submit a silent .ogg file.

• Set a custom shutdown animation — Provide Animation and Sound files played as the device shuts down.

  • Animation file — The animation file plays when the device is powering off. Only .qmg files are permitted.
  • Sound file — Submit an .ogg file played alongside the .qmg file. This file should be below 48 kHz. If your animation is silent, submit a silent .ogg file.
• Select Brightness and use the slider to set the screen brightness according its surroundings.
• Set auto brightness — Allows the device to automatically adjust the screen brightness according to its surroundings. Note that this feature is only available on devices running Knox 3.3 or lower.

Additional Sound & display settings (Knox 3.4 and above devices only)

General display

Select General display to set the following device display options for devices running Knox 3.4 and higher:

• Adaptive brightness determines whether brightness adjustments are collected and applied automatically under similar lighting conditions.
• Accidental touch protection can optionally protect from unintended touch inputs when the mobile device is placed in a dark place such as a pocket or purse.
• Touch sensitivity can increase the touch sensitivity of the device in special cases, such as while wearing gloves in a hospital or industrial environment or when a thick screen protector is used. This feature is supported on devices running Knox 3.7.1 and higher.
• Screen zoom makes displayed items appear larger or smaller as their image size requires.
• Screen timeout sets a screen display inactivity timeout of 15 seconds, 30 seconds, 1 minute, 2 minutes, 5 minutes, or 10 minutes.

Navigation bar

Select Navigation bar to display Button order options for devices running Knox 3.4 and higher.

From Button order, select one of the following navigation bar display options:

• Normal (Recents, Home, Back) — Keeps the navigation bar button order in its current default position.
• Reverse (Back, Home Recents) — Reverses the navigation bar button order from its default position, so the back function displays on the left, with home in the center and recents on the right.

Once you've selected a Button order, set Allow user to change setting to either Allow device user navigation bar changes, Do not allow user navigation bar changes, or Do not allow and hide setting from user.

Notifications

Select Notifications to display notification app badge icon display options for devices running Knox 3.4 and higher.

Refer to the Application icon badges option and select On or Off to determine whether badges are utilized for displayed application notifications.

Status bar

Select Status bar to display status bar notification and battery percentage options for devices running Knox 3.4 and higher.

Refer to the Show notification icons drop-down menu to specify whether 3 recent notifications display, All notifications, a Number of notifications only, or the setting is Off.

• Determine how to Show notification icons by selecting either All notifications, 3 recent notifications, a set Number of notifications only, or Off.
• Select the 3 recent notifications from the drop-down menu and set how they are displayed.
• Show battery percentage determines whether the remaining battery percentage is displayed (On) or removed (Off) from the status bar.

General sounds and vibrations

Select General sounds and vibrations to display device sound and vibration options on devices running Knox 3.4 and higher. Options include:

• Vibrate while ringing determines whether the mobile device vibrates when receiving an incoming call.
• Set the Vibration pattern experienced on the mobile device upon receipt of an incoming call. Options include, Basic call, Heartbeat, Ticktock, Waltz, and Zig-zig-zig.
• Set the Use volume keys for media option to either On or Off to determine whether the media volume can be controlled by default when a volume key is pressed.

System sounds and vibrations

Select System sounds and vibrations to display device sound and vibration options for devices running Knox 3.4 and higher. Options include:

• Touch sound determines whether tones are emitted when touching certain screen items.
• Screen lock sound determines whether tones are emitted when locking or unlocking the screen.
• Charging sound determines whether tones are emitted when the device begins charging.
• Dialing keypad tone determines whether tones are emitted when tapping the dialing keypad.
• Keyboard sound determines whether tones are emitted when tapping the Samsung keyboard.
• Keyboard vibration determines whether the mobile device vibrates when tapping the Samsung keyboard.

Applications & content

Selecting more applications and content to be downloaded during configuration will increase the configuration time required.

Application restrictions

• Disable the usage of other applications — Enter the package names of additional applications to prevent them from being used on the device.

• Application installation restrictions

  • Nothing — No application installation restrictions are applied to devices utilizing this profile.
  • Installation blocklist — Select this option to upload a CSV file of device app package names that the device user is unable to install on their device. An admin can also manually enter the package names to exclude as well. The list of package names is refreshed and updated whenever the policy is updated.
  • Installation allowlist — Select this option to block all other apps except for the ones in this list. Applications not in this allowlist can't be installed even if the end user has access to the app store. The list of package names is refreshed and updated whenever the policy is updated.
  • Block applications from unknown sources — Prevent the user from installing apps from sources other than the Google Play store.

• Application update restrictions

  • Nothing — No application update restrictions are applied to devices utilizing this profile.
  • Update blocklist — Once applications are added to the update blocklist, they cannot be updated on the device beyond its current version. Enter the app package names using either a CSV file, or by entering them manually. The blocklist is updated whenever the policy is updated.
  • Update allowlist — Once applications are added to the update allowlist, they are permitted to be updated to a newer version. Enter the app package names using either a CSV file, or by entering them manually. The blocklist is updated whenever the policy is updated.
  • Prevent applications from being uninstalled — Enter the package name of applications you want to prevent the user from uninstalling.
  • Prevent applications from being stopped — Prevents applications from being stopped by the system, other applications or the device user. If this option is selected, apps that would normally be stopped under conditions like Battery Saver mode will continue to run and consume battery life.

Customize applications for configuration

• Add application permissions — If necessary, add application permissions to be granted when defined in the application manifest file.

• Application URL restrictions

  • Applications — Enter the destination of the specific applications (com.sample.packagename). The Applications field is mandatory for Kiosk and normal mode profile support.
  • URL blocklist — Provide a blocklist of URLs for the device. For example, you may wish to blocklist non-enterprise websites (social media sites).
  • URL allowlist — Provide an allowlist of URLs for the device. If you set this restriction, device users can only access websites on the allowlist.

Content

• Add files to the Contents folder — Upload specific content, such as video, music, or digital books to the Content folder on the device.

Device connectivity

Set the following connectivity settings for the kiosk profile and its intended device deployments:

Wi-Fi

• Disable WiFi — Select this option to disable Wi-Fi on the device. Once disabled, neither the user or third-party application can enable Wi-Fi.
• Default Wi-Fi settings — Set the current device Wi-Fi configuration as the default or leave the Wi-Fi On or Off.
• Network (optional) — Enter the SSID name and Password for the default Wi-Fi network.

• Advanced Wi-Fi settings — Enter an SSID Name and select the Security setting for this network. If applicable, enter a Password. If necessary, a device can connect to a specified network with Proxy (optional) credentials delivered by Knox Configure using a proxy to communicate externally. Click Add another to set up multiple Wi-Fi profiles.

  • MAC address type — Select whether you want to use a randomized MAC address or device MAC address for connectivity. A device MAC address ensures devices can connect if the company WLAN uses MAC filtering. By default, a randomized MAC address is used. This feature is available on devices running Android 10 or higher.
  • Disable Wi-Fi network blocking — Select this option to disable Wi-Fi network blocking for the defined SSID configuration. Samsung devices have Wi-Fi network blocking enabled by default, and disabling Wi-Fi network blocking may reduce AP connection and battery consumption issues for the specified SSID Wi-Fi configuration. This setting is available on devices running Knox 3.5 and higher, and XCover Pro devices running Knox version 3.4.1 and higher.

Bluetooth

• Disable Bluetooth — Select this setting to restrict the device user and third-party applications from invoking the device's Bluetooth feature.
• Default Bluetooth settings — Select Keep current settings to set the current device Bluetooth state as the default. Use On or Off to enforce a Bluetooth state and override current device Bluetooth settings.
• Disable Bluetooth discoverable mode — Select this option to disable the device's capability to search, connect and share data with other Bluetooth enabled devices.

Location

• Disable Location — Select this option to completely disable location services through either Wi-Fi and mobile networks.
• Default location settings — This setting turns location tracking ON, OFF or keeps the current setting on the device as the default. Select Prevent user from changing location settings to prohibit the device use from changing the administrator defined location configuration once deployed to the device user.
• Disable Mock location — Selecting this option disables mock location applications within the developer options, and significantly reduces a user's ability to provide inaccurate device location information.

NFC

• Disable NFC — Select this option to disable all NFC settings on the device.
• Default NFC settings — Set the current NFC setting as the default, or turn NFC On or Off by default.
• Prevent users from changing NFC settings — Selecting this option restricts the device user from changing NFC settings locally on their device.

Airplane mode

• Disable Airplane mode — Select this option to disable a device user's ability to disable Airplane mode on their device.
• Default Airplane mode settings — Either Keep current settings, or turn the airplane mode On or Off.

Additional Device connectivity settings (Knox 3.4 and above devices only)

Advanced Wi-Fi

Select Advanced Wi-Fi to display additional NFC beaming options for devices running Knox 3.4 and higher. Options include:

• Switch to mobile data allows the device to use mobile data whenever the current Wi-Fi network is identified as slow or unstable.
• Allow individual apps to switch allows the device to switch apps to mobile data when a Wi-Fi connection cannot be established.
• Turn on Wi-Fi automatically allows the device to enable Wi-Fi in locations where Wi-Fi has been used frequently.
• Detect suspicious networks allows the device to receive notifications when suspicious activity is detected on the Wi-Fi network.
• Wi-Fi power save mode reduces battery consumption by analyzing Wi-Fi traffic patterns.
• Hotspot 2.0 allows the device to connect to Hotspot 2.0 supported access points without requiring a password.

Device settings

Set the following device settings for the kiosk supported profile:

• Set locale — Select the language and country for the device's regional setting.

  NOTE — The language and country pair chosen in the KC profile must be a language and country combination that is supported by the device. If not, it could result in a configuration error. You can check which language and country combination is supported in the language menu of your device settings.
• Time zone — Set the geographic time zone for the device's intended deployment area.
• Automatic Time Update — Set the device to automatically updates its time and date information from the network.

• Hide settings elements — Hide the following options from the device settings:

  • All
  • Bluetooth
  • Location
  • Wi-Fi

• Keyboard — Select Customize keyboard options to enable the Predictive mode and Keyboard settings options. Once enabled, the predictive mode and keyboard settings options function independent from one another, so there are no constraints on using these options together.

  • Predictive mode — Turn predictive mode On or Off as needed. Predictive mode attempts to complete a word on behalf of the user based on the initial characters entered when forming a word.
  • Keyboard settings — Either Enable or Disable keyboard functionality on the device(s) utilizing this profile.

• Hide power dialog elements — Hide the following options from the dialogue that appears when the user long presses the power button:

  • Power off — Hides the kiosk device's power off button on the power screen.
  • Restart — Hides the kiosk device's restart button on the power screen.
• Disable OMC mode — Prevent the device from being customized by a source other than Knox Configure (i.e. Open Market Customization).

• Power and battery settings — Set the following device power on/off options:

  • Power on the device when connected to a power source — Set devices to automatically power on when connected to a power source.
  • Power off the device when disconnected from a power source — Select this option to automatically power off a device when disconnected from its power source.
  • Extend battery life by limiting the maximum charge when connected to a power source — Select this setting to better control battery thresholds and stop the charging process once the device battery reaches a maximum of 85% of total power to avoid issues with keeping the battery on the charger too long. This setting is available to tablet devices running Knox version 3.4 and above.

Bixby key remapping

You can remap the side key to custom functionality for Knox 3.7 and above. The options available for this custom remapping are as follows:

• Double-press the Bixby key — You can choose to allow or restrict the device user from double-pressing the appropriate key. You can turn this setting on or off.

  • Turn on or off
  • Quick launch camera
  • Open Bixby
  • Open specific app

• Press and hold the Bixby key

  • Wake Bixby
  • Power off menu

• Allow user to customize — You can choose one of three settings:

  • Allow the device user to customize the action
  • Do not allow the device user to customize the action
  • Do not allow the device user to customize the action as well as hide the setting from the user

How do I remap the side key on devices?

1. In the KC console, navigate to Profiles, and select the profile you want to modify.
2. Once the profile configuration dashboard appears, click on Device Settings.
3. Click the Edit button on the top right-hand side.
4. Scroll down, and select the Bixby Key option in order to expand settings options.
5. From there, you can set configurations such as the double-press of the side key or press and hold of the side key.

Additional Device settings (Knox 3.4 and above devices only)

Language and input

Select Language and input to display additional keyboard utilization settings for devices running Knox 3.4 and higher.

Show keyboard button toggles a keyboard button on the device navigation bar to allow for easier switching between mobile device keyboard resources. Once set, Allow user to change setting can Allow device user keyboard changes, Do not allow user changes, or Do not allow and hide setting from user.

Text-to-speech

Select Text-to-speech to display speech engine, pitch, and speech rate settings for devices running Knox 3.4 and higher.

• From the Preferred engine menu, specify whether the Samsung text-to-speech engine or Google Text-to-speech engine is utilized as the speech recognition engine for text-to-speech conversion.
• Use the Pitch slider to set the text-to-speech pitch rate in the range of 25-400.
• Use the Speech rate slider to define the text-to-speech rate conversion used by the speech recognition engine. The setting is defined in the range of 10-600.

Restrictions

Device functionality

Restrict device features

• ALL — Disable all of the settings listed under Device functionality.
  • Prevent end users from using the camera.
  • Prevent video recording if the camera is enabled.
  • Prevent end users from capturing the screen.
  • Prevent end users from using the microphone.
  • Prevent audio recording if the microphone is enabled.
  • Prevent end users from receiving SMS.
  • Prevent end users from sending SMS.
  • Prevent end users from receiving MMS.
  • Prevent end users from sending MMS.
  • Prevent end users from using the clipboard.
  • Prevent end users from accessing the Settings menu.
  • Prevent end users from using the 2nd SIM slot.

Disable hardware keys

• ALL — Disables all hardware key functions.

  • Volume up — Turn off Volume up hardware key functionality, rendering the device incapable of increasing its volume.
  • Volume down — Turn off Volume down hardware key functionality, rendering the device incapable of decreasing its volume.

Security

The following security settings enable an IT admin to restrict specific access and storage capabilities to reduce vulnerabilities. For information on disabling biometric authenticators (fingerprint scanner, iris scanner, and facial recognition) on supported device models running Knox 2.9 or higher, go to: Security settings.

• ALL — Disables all of the settings listed under Security.

  • Disable SD card access — Prevents the device from reading data from a SD card or writing data to a SD card.
  • Disable Software Updates (Firmware updates via Wi-Fi and Mobile networks). — You can set a FOTA block for devices so that even if the device user tries to manually update the device's firmware, it is blocked on the device. Only after the new device is enrolled in Knox Configure, KC will decide to permit the appropriate FOTA update to the device or not based on FOTA block option. If you set the FOTA block as on, then KC will block FOTA updates. If not, KC won't block it and the end user can select whether to accept the FOTA update or not. This restriction negates the chances of an OS mismatch on the device and ensures that all partner apps remain functional. Additionally, for devices running Knox 3.4 or higher and the Samsung T295 device, you can prevent the device user from updating the firmware of the device in download mode.
  • Disable factory reset — Prevents a user from factory resetting their device. When factory reset, Wi-Fi, and mobile data is disabled in Knox Configure. Consequently, the device is no longer able to update the profile they are enrolled in, and are unable to unenroll if need be. The device requires a network connection be re-established to receive updates and changes from Knox server resources.
  • Disable device power off for users. — Prevents the user from turning the device off. The device will only turn off if you disable this setting or if the battery level is critically low.
  • Disable firmware update in download mode. — Prevents the device user from updating the firmware of the device while the device is in download mode. This feature is supported on devices running Knox 3.4 or higher.

Device connectivity

Roaming

Set the following roaming features for the kiosk profile and its data protection requirements:

• ALL — Disables all of the settings listed under Roaming.

  • Prevent end users from using mobile data while roaming.
  • Prevent end users from syncing while roaming.
  • Prevent end users from receiving WAP push messages while roaming.
  • Prevent end users from making voice calls while roaming.

Tethering

Set the following data tethering settings to define how the profile shares Internet connection information with other mobile devices:

• ALL — Disables all of the settings listed under Tethering.

  • Prevent end users from using Bluetooth tethering.
  • Prevent end users from using USB tethering.
  • Prevent end users from using Wi-Fi tethering.

Security settings

Refer to the Security setting screen to disable some or all of the biometric authentication settings available to supported devices. To restrict end users from using other (non biometric) device functions, go to: Restrictions.

• All — Select All to disable all biometric security settings.

  • Disable Fingerprint scanner — Disables a device's ability to use its fingerprint scanner as a user authentication option.
  • Disable Iris scanner — Disables a device's ability to use its optical iris scanner as a user authentication option.
  • Disable Face recognition — Disables a device's ability to use its facial recognition capability as a user authentication option.

• Password Settings — Select the Disable password visibility when typing option to prevent password characters from being displayed when entering them on the device. This feature is only supported on devices running Knox 3.3 or lower.

Additional Security settings (Knox 3.4 and above devices only)

Location

Select the Location checkbox to display additional Wi-Fi and Bluetooth scanning settings for Knox 3.4 and above supported devices. Once these options are set, refer to the Allow user to change setting option to either Allow device user password visibility changes, Do not allow user changes or Do not allow and hide setting from user.

• Wi-Fi scanning — Enable this setting to let applications use Wi-Fi for more efficient location detection, even when Wi-Fi is turned off.
• Bluetooth scanning — Enable this setting to let applications use Bluetooth for more efficient location detection, even when Bluetooth is turned off.

Other security settings

Select the Other security settings checkbox to display password visibility settings for Knox 3.4 and above supported devices. Select On to make password characters briefly visible as they are typed and hides them shortly thereafter. Selecting Off disables the feature. Once set, refer to the Allow user to change setting option to either Allow device user password visibility changes, Do not allow user changes or Do not allow and hide setting from user.

APN Management

The Access Point Name (APN) is the name of the gateway between a carrier providing 2G, 3G, or 4G mobile network service for mobile devices, tablets or wearables. Devices must be configured with the correct APN details to establish connectivity. Only a single APN resource is available at one time, though an identical APN configuration with the same parameters can be defined.

Select Add new APN from the ACTIONS drop-down menu

Set as preferred APN — Select this option to make this APN the preferred Access Point resource supporting your device. This option is disabled by default.

• Name
• APN (Access Point Name)
• MCC (Mobile Country Code)
• MNC (Mobile Network Code)

• Authentication type

  • None
  • PAP — Password Authentication Protocol uses a static username and password for authentication purposes.
  • CHAP — Challenge Authentication Protocol creates a unique "challenge phrase" for each authentication attempt instead of using a standard username or password.
  • PAP or CHAP

• APN type

  • Default — Used to connect to the Internet in general
  • MMS — Multimedia Service
  • SUPL — Stands for Secure User Plane Location, used by the device to connect to GPS services.
  • DUN — Dial-Up Networking connections
  • HIPRI — Indicates that apps should use the current APN settings when connecting to the Internet.

• APN Protocol

  • IPv4
  • IPv6
  • IPv4/IPv6
• APN roaming Protocol — Specifies whether the device should use an IPv4 or IPv6 network.
• Mobile virtual network operator type — Use the drop-down menu to select the appropriate mobile virtual network operator type (MVNO) allowing an APN configuration to be restricted when using particular MVNOs or subscriber accounts. Without the MVNO setting, custom defined APN configurations are selected according to MCC and MNC only, which specifies the mobile network a mobile device subscribes to, but not the particular retailer or reseller, or account on a network. Drop-down MVNO menu options include None, SPN (Service Provider Name), IMSI (International Mobile Subscriber Identity), or GID (Group Identifier Level 1). When a value other than None is selected, a MVNO value is also required.
• Mobile virtual network operator value — Set the value that either matches service provides name (SPN), the unique subscriber account (IMSI) or global identifier level 1. The MVNO value is not required if the MVNO type is set to None.

MMS

• MMSC — Multimedia Messaging Service Center
• MMS Proxy
• MMS Port
• Server
• Proxy
• Port
• Username
• Password

Enterprise Billing

Use Enterprise Billing to separate billing between enterprise apps and personal apps. The Configuration service will ignore E-billing configurations on devices running the Android Q version operating system and above. The Knox Configure console provides a warning for now unsupported status of E-billing on the Q version operating system.

Provide the following data for Enterprise Billing support:

• Profile name
• Applications in Personal mode — Enter the package names of apps that will be used for business reasons. Your enterprise will be responsible for the data costs incurred by these apps.

• Roaming — If you allow users to connect to data while roaming, enter the following information:

  • APN name
  • MNC
  • MCC
• CLEAR E-BILLING PROFILE & REVERT TO DEFAULT APN — Select this option to clear the existing APN profile configuration and revert to the default APN configuration.

Summary

On the left, review the settings configured for each category. Click on the General information and Additional EULA tabs to see the information that you've entered. If you need to make any additional changes, click Back. If you've verified that the settings are correct, click Submit. Select Back to top from the lower, right-hand, side of a screen to navigate back to the top of that respective screen. Select the DOWNLOAD PROFILE SUMMARY AS A PDF option to archive the profile summary settings in PDF for potential re-use in creating profiles for other accounts.