Autonomous Single App Mode Settings

Supported In:

Autonomous Single App Mode (ASAM) is a feature of iOS that allows an app to enable and disable a Single App Mode session from within the app itself.

A traditional Single App Mode session is started through an MDM (mobile device management) interface or by physically connecting a device to a Mac running Apple's Configurator software.  For larger and/or distributed kiosk deployments, Autonomous Single App Mode is often a better choice as it allows you to give permission to a staff member on location to exit the app to remediate problems and can relock automatically when the app is launched again.  

For example, if a device in traditional Single App Mode in the field loses its WiFi connection, that device will no longer be able to communicate with the MDM server that started Single App Mode - to manually troubleshoot WiFi settings in this scenario, the device would either need to be physically connected to an Ethernet connection to receive the command to exit Single App Mode or would need to be sent back to an IT team to wipe and reprovision the device.  In contrast, if using Autonomous Single App Mode, an employee on location can be given a passcode to exit the ASAM session, manually reconnect to WiFi, and relaunch the ASAM session automatically when the app is relaunched.  

Requirements

For an app to successfully trigger an Autonomous Single App Mode session, Apple requires that the device:

• currently be supervised either using Configurator or through the Device Enrollment Program.
• currently be enrolled in MDM (mobile device management).
• have a configuration profile set up and installed through the MDM that sets the restrictions key ‘autonomousSingleAppModePermittedAppIDs’ and includes the app’s bundle identifier (‘com.kioskgroup.kioskproplus’ or ‘com.kioskgroup.kpenterprise’).

It is not possible to install a configuration profile with this key through Apple's Configurator software at this time.

The process of setting up a configuration profile differs from one MDM provider to another so you may need to consult with your MDM provider’s support team to determine if they currently support profiles that include this key and how to configure this profile.

Jamf Pro includes this in the ‘Apps’ sections of a Restrictions configuration profile:

In SimpleMDM, this is done by creating a configuration profile under Configs > Profiles > Add Profile > Single App Lock > selecting 'Autonomous Single App Mode (ASAM)' and including the app's bundle id (‘com.kioskgroup.kioskproplus’ or ‘com.kioskgroup.kpenterprise’) under 'Permitted app identifiers':

The configuration profile is then applied to a group under Devices > Groups > select the Group you are using > Configurations > Single App Lock > Select the profile you just created > Save:

In AirWatch, you'd create a new Single App Mode profile and using the filter type option at the top of the panel, select the option to list apps that are eligible to enter Autonomous Single App Mode.

Starting & Ending a Session

As a high-level overview, a new Autonomous Single App Mode session can be started by:

• locking manually from within app settings - see Lock Automatically > Never for more information
• launching the app or relaunching it from the background - see see Lock Automatically > On App Launch or Relaunch from Background for more information
• including our JavaScript API call to start an ASAM session within your content

A current Autonomous Single App Mode session can be ended by:

• unlocking manually from within settings - in this case, the app must be configured to show settings on touch gesture & passcode to access the necessary menu
• setting a secondary passcode specifically to exit a session
• including our JavaScript API call to end an ASAM session within your content
• deleting the ASAM profile from the device through your MDM portal

Lock Automatically

Supported in:

Choose when to automatically lock the app to Autonomous Single App Mode.

Never

The app can only be locked into ASAM using the "Lock" button in top right corner (screenshot below) and will show an alert confirming the start and end of a session.

On App Launch or Relaunch from Background

This option automatically locks Kiosk Pro into ASAM when the app is launched or relaunched while running in the background. No alert will be shown when the app is locked to prevent confusion for visitors who may be switching from another app.

While using this option, the app can still be locked/unlocked manually using the button in settings.

Passcode To Exit Autonomous Single App Mode

Supported in:

This passcode allows for an Autonomous Single App Mode session to be ended without allowing access to the app's settings menu. 

After performing the 4-finger touch gesture used to access settings, you can enter this passcode instead to immediately unlock Autonomous Single App Mode. Having a separate passcode for ASAM can be useful for devices in the field that may lose internet connection and require that an employee be able to exit the app to get to iOS/iPadOS Settings to troubleshoot a device's internet connection without being able to reconfigure the app itself in any way. 

While this setting uses the same passcode interface and 4-finger touch gesture as the app's Show Settings feature, it can be used independently.  If this setting is configured, but Show Settings is set to 'On App Launch or Relaunch from Background' or 'Never', the passcode prompt will still be shown if the 4-finger touch gesture is performed, but there will be no way to access the app's settings through this prompt.   

While we suggest a 4-digit code for simplicity, the passcode field can validate a much longer string (up to 30 characters) and accepts both numbers and letters (which are case-sensitive), allowing you to create a more secure passcode if needed.

This passcode is not recoverable for security reasons. If you lose or forget the passcode, you will need to either reset it using Remote Settings Control if configured or delete and reinstall the app to regain access to the settings menu.