- What's new in XenMobile Server 10.8
- Fixed issues
- Known issues
- System requirements and compatibility
- Install and configure
- Certificates and authentication
- User accounts, roles, and enrollment
- ActiveSync Gateway
- Android for Work
- Bulk enrollment of iOS and macOS devices
- Client properties
- Deploy iOS and macOS devices through Apple DEP
- Device enrollment limit
- Enroll devices
- Firebase Cloud Messaging
- Google Play credentials
- Integrate with Apple Education features
- Network Access Control
- Samsung KNOX
- Security actions
- Shared devices
- XenMobile Autodiscovery Service
- Device policies by platform
- AirPlay mirroring device policy
- AirPrint device policy
- Android for Work app restriction policy
- Android for Work permissions
- APN device policy
- App access device policy
- App attributes device policy
- App configuration device policy
- App inventory device policy
- App lock device policy
- App network usage device policy
- Apps notifications device policy
- App restrictions device policy
- App tunneling device policy
- App uninstall device policy
- App uninstall restrictions device policy
- BitLocker device policy
- Browser device policy
- Calendar (CalDav) device policy
- Cellular device policy
- Connection manager device policy
- Connection scheduling device policy
- Contacts (CardDAV) device policy
- Control OS Updates device policy
- Copy Apps to Samsung Container device policy
- Credentials device policy
- Custom XML device policy
- Defender device policy
- Delete files and folders device policy
- Delete registry keys and values device policy
- Device Health Attestation device policy
- Device name device policy
- Education Configuration device policy
- Enterprise Hub device policy
- Exchange device policy
- Files device policy
- FileVault device policy
- Font device policy
- Home screen layout device policy
- Import iOS & macOS Profile device policy
- Kiosk device policy for Samsung SAFE
- Launcher configuration device policy for Android
- LDAP device policy
- Location device policy
- Mail device policy
- Managed domains device policy
- MDM options device policy
- Organization information device policy
- Passcode device policy
- Personal hotspot device policy
- Profile Removal device policy
- Provisioning profile device policy
- Provisioning profile removal device policy
- Proxy device policy
- Registry device policy
- Remote support device policy
- Restrictions device policy
- Roaming device policy
- Samsung MDM license key device policy
- Samsung SAFE firewall device policy
- SCEP device policy
- Siri and dictation policies
- SSO account device policy
- Storage encryption device policy
- Store device policy
- Subscribed calendars device policy
- Terms and conditions device policy
- VPN device policy
- Wallpaper device policy
- Web content filter device policy
- Webclip device policy
- WiFi device policy
- Windows CE certificate device policy
- Windows Information Protection device policy
- XenMobile options device policy
- XenMobile uninstall device policy
- Add apps
- Add media
- Deploy resources
- Automated actions
- Monitor and support
- REST APIs
- XenMobile Mail Manager 10.x
- XenMobile NetScaler Connector
- On-premises XenMobile interaction with Active Directory
- Management Modes
- Device Requirements
- Security and User Experience
- User Communities
- Email Strategy
- XenMobile Integration
- Multi-Site Requirements
- Integrating with NetScaler Gateway and NetScaler
- SSO and Proxy Considerations for MDX Apps
- Reference Architecture for On-Premises Deployments
- Server Properties
- Device and App Policies
- User Enrollment Options
- Tuning XenMobile Operations
- App Provisioning and Deprovisioning
- Dashboard-Based Operations
- Role-Based Access Control and XenMobile Support
- Systems Monitoring
- Disaster Recovery
- Citrix Support Process
- Sending group enrollment invitations in XenMobile
- Configuring an on-premises Device Health Attestation server
- Configuring certificate-based authentication with EWS for Secure Mail push notifications
Kiosk device policy for Samsung SAFE
You create a Kiosk policy in XenMobile to let you to specify that only a specific app or apps can be used on Samsung SAFE devices. This policy is useful for corporate devices that are designed to run only a specific type or class of apps. This policy also lets you choose custom images for the device home screen and lock screen wallpapers for when the device is in Kiosk mode.
To add or configure this policy, go to Configure > Device Policies. For more information, see Device policies.
Enable the Samsung SAFE API key on the mobile device, as described in Samsung MDM license key device policies. This step lets you enable policies on Samsung SAFE devices.
Enable the Connection Scheduling Policy for Android devices, as described in Connection scheduling device policies. This step enables Android devices connect back to XenMobile.
Add a Kiosk device policy, as described in the next section.
Assign those three device policies to the appropriate delivery groups. Consider whether you want to include other policies, such as App inventory, in those delivery groups.
To remove the devices from Kiosk mode, create a Kiosk device policy that has Kiosk mode set to Disable. Update the delivery groups to remove the Kiosk policy that enabled Kiosk mode and to add the Kiosk policy that disables Kiosk mode.
All apps that you specify for Kiosk mode must already be installed on the user devices.
Some options apply only to the Samsung Mobile Device Management (MDM) API 4.0 and later.
- Kiosk mode: Click Enable or Disable. The default is Enable. When you click Disable, all the following options disappear.
- Launcher package: Citrix recommends that you leave this field blank unless you have developed an in-house launcher to enable users to open the Kiosk app or apps. If you use an in-house launcher, enter the full name of the launcher application package.
- Emergency phone number: Enter an optional phone number. Anyone can use this number to contact your company to find a lost device. Applies only to MDM 4.0 and later.
- Allow navigation bar: Select whether to let users see and use the navigation bar while in Kiosk mode. Applies only to MDM 4.0 and later. The default is On.
- Allow multi-window mode: Select whether to let users use multiple windows while in Kiosk mode. Applies only to MDM 4.0 and later. The default is On.
- Allow status bar: Select whether to let users see the status bar while in Kiosk mode. Applies only to MDM 4.0 and later. The default is On.
- Allow system bar: Select whether to let users see the system bar while in Kiosk mode. The default is On.
- Allow task manager: Select whether to let users see and use the task manager while in Kiosk mode. The default is On.
- Change Common SAFE passcode: This setting helps protect against inadvertent changes to the Common SAFE passcode field. When this setting is Off, you can’t change the Common SAFE passcode field. The default is Off.
- Common SAFE passcode: If you set a general passcode policy for all Samsung SAFE devices, enter that optional passcode in this field.
Define a home wallpaper: Select whether to use a custom image for the home screen while in Kiosk mode. The default is Off.
- Home image: When you enable Define a home wallpaper, select the image file by clicking Browse and navigating to the file location.
Define a lock wallpaper: Select whether to use a custom image for the lock screen while in Kiosk mode. The default is Off. Applies only to MDM 4.0 and later.
- Lock image: When you enable Define a lock wallpaper, select the image file by clicking Browse and navigating to the file location.
- Define a home wallpaper: Select whether to use a custom image for the home screen while in Kiosk mode. The default is Off.
Apps: For each app that you want to add to Kiosk mode, click Add and then do the following:
- New app to add: Enter the full name of the app to add. For example, com.android.calendar lets users use the Android calendar app.
- Click Save to add the app or click Cancel to cancel adding the app.