Autonomous Single App Mode Settings

Autonomous Single App Mode (ASAM) is a feature of iOS that allows an app to enable and disable a Single App Mode session from within the app itself.


For an app to successfully trigger an Autonomous Single App Mode session, Apple requires that the device:

  • currently be supervised either using Configurator or through the Device Enrollment Program.
  • currently be enrolled in MDM (mobile device management).
  • have a configuration profile set up and installed through the MDM that sets the restrictions key ‘autonomousSingleAppModePermittedAppIDs’ and includes the app’s bundle identifier (‘com.kioskgroup.kioskproplus’ or ‘com.kioskgroup.kpenterprise’).

It is not possible to install a configuration profile with this key through Apple's Configurator software at this time.

The process of setting up a configuration profile differs from one MDM provider to another so you may need to consult with your MDM provider’s support team to determine if they currently support profiles that include this key and how to configure this profile.

JAMF Pro includes this in the ‘Applications’ sections of a Restrictions configuration profile:

In SimpleMDM, this is done by creating a configuration profile under Configs > Profiles > Add Profile > Single App Lock > selecting 'Autonomous Single App Mode (ASAM)' and including the app's bundle id (‘com.kioskgroup.kioskproplus’ or ‘com.kioskgroup.kpenterprise’) under 'Permitted app identifiers':

The configuration profile is then applied to a group under Devices > Groups > select the Group you are using > Configurations > Single App Lock > Select the profile you just created > Save:

In AirWatch, you'd create a new Single App Mode profile and using the filter type option at the top of the panel, select the option to list apps that are eligible to enter Autonomous Single App Mode.

Starting & Ending a Session

As a high-level overview, a new Autonomous Single App Mode session can be started by:

  • locking manually from within app settings - see Apply > Lock Manually for more information
  • setting a secondary passcode specifically to exit a session
  • including our JavaScript API calls to start an ASAM session within your content

A current Autonomous Single App Mode session can be ended by:

  • unlocking manually from within settings - in this case, the app must be configured to show settings on touch gesture & passcode to access the necessary menu
  • setting a secondary passcode specifically to exit a session
  • including our JavaScript API calls within your content
  • deleting the ASAM profile from the device through your MDM portal


Supported in:

Kiosk Pro Plus and Enterprise

Choose when to lock the app to Autonomous Single App Mode.

Default Value:
  • Lock Manually
Other Possible Values:
  • Lock On App Launch

Lock Manually

This option locks the app from within the app settings (button in top right corner, see below) and will show a native alert for several seconds confirming the start and end of any session.

Lock On App Launch

This option automatically locks the app when Kiosk Pro is initially launched. When launched and a session is initiated automatically, no alert will be shown (as the app can be started during app switching from another app by a visitor and notification in that instance could be confusing).

Values for Remote Settings Control & Managed App Configuration

Key autonomousSingleAppMode
Key Type integer
Default Value 0
Possible Values
  • 0 = Lock Manually
  • 1 = Lock On App Launch

Passcode To Exit Autonomous Single App Mode

Supported in:

Kiosk Pro Plus and Enterprise

This passcode allows for an Autonomous Single App Mode session to be ended without allowing access to the app's settings menu. After performing the 4-finger touch gesture used to access settings, you can enter this passcode instead to immediately unlock Autonomous Single App Mode.

Default Value: [empty]

This can be useful for devices in the field that may lose internet connection and require that an employee be able to exit the app to get to iOS Settings > Wifi without being able to reconfigure the app itself in any way.

While we suggest a 4 digit code for simplicity, the passcode field can validate a much longer string (up to 30 characters) and accepts both numbers and letter (which are case-sensitive), allowing you to create a more secure passcode if needed.

This passcode is not recoverable for security reasons. If you lose or forget the passcode, you will need to either reset it using Remote Settings Control if configured or delete and reinstall the app to regain access to the settings menu.

Values for Remote Settings Control & Managed App Configuration

Key kp_passCodeToExitAutonomousSingleAppMode
Key Type string
Default Value [empty]
Possible Values any alphanumeric string up to 30 characters

Change Log

  • Added in version 7.5. Ability to end ASAM session through a secondary passcode added in version 8.4. Ability to exit ASAM session through a JavaScript API call added in version 9.1

Still stuck? How can we help? How can we help?