← Back to SnapKiosk App Config Guide

Configuring SnapKiosk
via MDM.

SnapKiosk reads its homepage, idle behavior, and lockscreen branding from Apple's standard Managed App Configuration. Push a single dictionary from your MDM and every iPad in your fleet picks it up — no per-device typing, no QR codes, no on-device admin steps. This page documents every key, the validation rules, and how to wire it up in the major MDMs.

On this page

  1. How it works
  2. The configuration schema
  3. A minimal example
  4. A complete example (with branding)
  5. Console-specific notes
  6. Validation & rejected values
  7. Verifying the config arrived
  8. Troubleshooting

1.How it works

iOS exposes MDM-delivered settings to every app via a standard UserDefaults key: com.apple.configuration.managed. When you push a Managed App Configuration profile, iOS writes the dictionary you supplied under that key — and SnapKiosk reads it at launch.

SnapKiosk uses a single dictionary with up to nine string/number/bool fields. Push it once, paired with the app install, and the kiosk arrives ready to run. If the dictionary is missing, SnapKiosk falls back to the welcome screen (where an on-device admin would type the URL manually).

Precedence

If both MDM config and an on-device saved config exist, MDM wins. The Settings UI on-device shows a "Managed by your IT team" banner and disables editing. To change a managed kiosk's settings, update the profile in your MDM and re-push.

2.The configuration schema

Every key SnapKiosk reads from com.apple.configuration.managed. Field names are case-sensitive.

Key Description
homeURLRequired
String
 The page the kiosk loads on launch and after every idle reset. Must be a fully-qualified http:// or https:// URL with a host. Anything else is rejected and the kiosk reverts to the welcome screen.
idleResetSecondsOptional
Number
 Seconds of no touch input before SnapKiosk wipes cookies, cache, IndexedDB, HTTP credentials, and back-history and reloads the home page. Default 300. Minimum effectively 10 seconds.
idleWarningSecondsOptional
Number
 Seconds before the reset at which the "Still there?" warning popup appears with a "Keep going" button. Default 30. Set to 0 to disable the warning entirely — the screensaver / wipe still fires at the full idleResetSeconds threshold.
screensaverEnabledOptional
Bool
 When true (default), the kiosk shows a full-screen "Tap to begin" attract overlay at the idle threshold and waits for the next user's touch before wiping + reloading. When false, the wipe + reload fires silently at the threshold with no visible overlay.
lockscreenTitleOptional
String — MDM-only
 Replaces the default "Tap to begin" headline on the attract screen. Empty strings are treated as "unset" so you can clear the override by sending "".
lockscreenSubtitleOptional
String — MDM-only
 Replaces the default "Touch anywhere on the screen to start" subtitle. Also surfaced inside the error overlay when the homepage can't load (paired with "Contact your IT administrator") — admins typically put their helpdesk address here so customers see who to call when a kiosk goes down.
lockscreenLogoURLOptional
String — MDM-only
 HTTPS URL to a PNG or JPG logo. SnapKiosk fetches and caches it for the attract screen, replacing the default pulsing tap icon. Renders at up to 260×180 pt.
lockscreenTintHexOptional
String — MDM-only
 Accent color for the attract screen — used on the tap icon, retry buttons, and logo glow. Accepts #RGB, #RRGGBB, or #RRGGBBAA hex. Falls back to the SnapKiosk default blue if invalid.
lockscreenBackgroundHexOptional
String — MDM-only
 Background color for the attract and error screens. Same hex formats as above. Falls back to black if invalid.

The five lockscreen* keys are intentionally MDM-only — they're not surfaced in the on-device Settings UI because branding belongs to IT, not to the customer-facing tablet.

3.A minimal example

The smallest valid payload — just point the kiosk at a URL and accept every default.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>homeURL</key>
    <string>https://kiosk.example.com</string>
</dict>
</plist>

Defaults applied: 5-minute idle reset, 30-second "Still there?" warning, attract screensaver on, SnapKiosk-blue accent on the default attract icon.

4.A complete example (with branding)

Every supported key, with reasonable production values. Push this to a fleet to get a fully-branded kiosk with the IT contact line visible to customers when something breaks.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <!-- Core kiosk behavior -->
    <key>homeURL</key>
    <string>https://kiosk.acme.corp/check-in</string>

    <key>idleResetSeconds</key>
    <integer>180</integer>

    <key>idleWarningSeconds</key>
    <integer>20</integer>

    <key>screensaverEnabled</key>
    <true/>

    <!-- Lockscreen / attract branding -->
    <key>lockscreenTitle</key>
    <string>Welcome to Acme</string>

    <key>lockscreenSubtitle</key>
    <string>Tap anywhere to start. Need help? helpdesk@acme.corp</string>

    <key>lockscreenLogoURL</key>
    <string>https://cdn.acme.corp/branding/logo-white.png</string>

    <key>lockscreenTintHex</key>
    <string>#FF6B00</string>

    <key>lockscreenBackgroundHex</key>
    <string>#0A0F1F</string>
</dict>
</plist>

The helpdesk-in-subtitle trick

The error overlay (shown when the homepage can't load) automatically prepends "Contact your IT administrator" and then displays your lockscreenSubtitle as the body text. So putting your support email or extension in that field gives customers a path to report a down kiosk — without adding a new MDM key.

5.Console-specific notes

Each MDM has its own UI for delivering Managed App Configuration. The mechanism is identical (it ends up in com.apple.configuration.managed on the device) — only the path through the console differs.

Jamf Pro

Apps → Mobile Device Apps → SnapKiosk → App Configuration tab → paste the inner <dict> contents (without the outer plist wrapper). Scope to your kiosk smart-group.

Microsoft Intune

Apps → App configuration policies → Add (Managed apps or Managed devices) → select SnapKiosk → upload the XML, or use the property-list editor to enter keys one at a time.

Mosyle

Management → Application Management → SnapKiosk → Managed App Configuration → paste the XML. Assign to the kiosk device group.

Kandji

Library → Add Library Item → App Config (Managed Apps) → select SnapKiosk → paste the XML. Add to the kiosk blueprint.

JumpCloud

Policy Management → New iOS policy → App Configuration → choose SnapKiosk → paste the XML or build the dictionary in the property editor. Bind to the kiosk device group.

Workspace ONE

Resources → Apps → Public Apps → SnapKiosk → Assignment → Application Configuration → upload the XML or build the dictionary inline. Save and publish to the device group.

6.Validation & rejected values

SnapKiosk validates the config at launch. If anything is structurally wrong, the kiosk falls back to either an on-device saved config or the welcome screen — whichever applies. This is deliberate: a typo in MDM shouldn't strand a fleet on a blank page.

What doesn't roll back

If you push a config with a typo in homeURL and the device already has an on-device saved config, the kiosk uses the on-device one. If there's no on-device config either, the welcome screen appears and the kiosk waits for human input — your fleet won't crash, but it won't run either. Fix the MDM payload and re-push.

7.Verifying the config arrived

Three ways to confirm a kiosk picked up the pushed config:

  1. On-device — open Settings via the two-finger admin gesture. A "Managed by your IT team" banner at the top of Settings means MDM config is active and the fields are non-editable.
  2. The last-load beacon — SnapKiosk writes the current URL to com.snapapps.SnapKiosk.lastLoad in standard UserDefaults on every successful page load. Any MDM that can query app preferences can read it. Details in the ASAM guide.
  3. Diagnostics log — Settings → Diagnostics shows recent crashes, hangs, and CPU exceptions captured by MetricKit. A clean list with a recent timestamp means the app launched and ran. Also written to diagnostics.json in the app's Documents container.

8.Troubleshooting

The kiosk shows the welcome screen instead of my URL

The managed config didn't arrive, or it failed validation. Check, in order:

  1. The app was installed via MDM (not sideloaded or App Store-installed by the user) — Managed App Configuration only attaches to MDM-delivered installs.
  2. The configuration profile is scoped to the right device group.
  3. The homeURL is a full https:// URL with a host — not kiosk.example.com alone, not www.-only.
  4. Field names are exact, case-sensitive (homeURL, not homeUrl or HomeURL).

Settings shows my values but the lockscreen still has the SnapKiosk defaults

The branding fields are optional and silently fall back to defaults on any parse failure. Common causes:

I updated the MDM config but the iPad still shows the old values

Managed App Configuration is delivered on the next MDM check-in, not immediately. Either wait for the next regular sync window, force a sync from your console (Jamf: Update Inventory; Intune: Sync; etc.), or restart SnapKiosk on the device — the config is re-read on every app launch.

I want a single device to override the MDM config temporarily

You can't. MDM config takes precedence over the on-device saved config — this is by design, so a customer can't permanently break a managed kiosk via Settings. To change one device, change the MDM profile scoped to it.

Next steps

Pair this config with an ASAM authorization profile to fully lock the device to SnapKiosk. See the ASAM setup guide →