Kiosk & Location Displays

Deploy dedicated displays with auto-login and location-specific dashboards.

Overview

ControlBird's Kiosk & Location Displays feature lets dedicated devices (wall-mounted tablets, control-room monitors, lobby screens) automatically log in and show a dashboard tailored to their physical location, with no username or password entered at the device. A device presents a Client-type TLS certificate during the connection handshake; ControlBird matches that certificate to a pre-allocated session slot, and if the slot has an auto-login user configured, that user is signed in immediately and shown their assigned dashboard.

Use this feature whenever you need zero-touch provisioning for displays that should always show the same location-pinned content: a kitchen tablet that boots straight into room controls, a platform sign that shows arrivals for that platform, or an operator workstation pinned to a single piece of equipment. Sessions are configured in the Permissions Manager app (Sessions tab), and the client certificates they reference are created in the Certificate Manager app.

Prefer a guided tutorial?

New to this? Follow the Kiosk & Location Displays walkthrough for a step-by-step tour, then come back here for the full reference.

Key concepts

  • Session slot: a pre-allocated login slot that binds a client certificate to an auto-login user. When a device presents the matching certificate, it claims this slot and the auto-login user is signed in.
  • Client certificate: a Client-type TLS certificate installed on the device. It is presented by the browser during the TLS handshake to claim a session. Server and CA certificates do not work for kiosk auto-login.
  • Auto-login user: the user that ControlBird signs in automatically when the session is claimed. Each display user's assigned dashboard determines what is shown, which is how displays become location-pinned.
  • Auto-login key: an optional URL key that lets a device claim a session by visiting /auto-login/<key>, an alternative trigger to certificate-based auto-login.
  • Current user vs. auto-login user: a session tracks the user logged in right now separately from the user to log in next. This lets a technician switch users for maintenance while preserving auto-login on the next device reboot.

How auto-login works

  1. A kiosk browser connects to ControlBird and presents its installed client certificate.
  2. ControlBird matches the certificate to the session slot configured with that certificate.
  3. If that slot has an auto-login user configured, the user is logged in immediately, with no credentials required.
  4. The user's assigned dashboard is shown for that location.
  5. When the session expires, the browser re-authenticates with the same certificate and auto-login happens again automatically.

One certificate per device

Do not share a single certificate across multiple displays. Each device needs a unique certificate; otherwise the devices contend for the same session slot and only one can be logged in at a time. The others fail to find an available slot and cannot authenticate.

Session status

A session slot reports one of the following states:

StatusMeaning
ActiveA user is logged in and the session is not expiring soon.
Expiring SoonLess than 5 minutes until expiration.
ExpiredPast the expiration date.
IdleNo current user is assigned to the slot.

Configuration examples

Kitchen display (single kiosk)

Create a display user with the Operator role pinned to a layout, mint a client certificate for the tablet, and link them with a session slot. 

1. Create a user
   Name:      kitchen-display
   Role:      Operator
   Dashboard: Kitchen Control

2. Create a certificate
   Name: kitchen-tablet.local
   Type: Client

3. Configure a session
   Client Certificate: kitchen-tablet.local
   Auto-Login User:    kitchen-display

4. Install certificate on tablet and set the browser to
   open ControlBird on startup.

Train station (multiple locations)

One session per platform, each pinned to a location-specific layout.

Platform 1:
   Certificate:     platform1.station.local
   Auto-Login User: platform-1-display   (Dashboard: Northbound Arrivals)

Platform 2:
   Certificate:     platform2.station.local
   Auto-Login User: platform-2-display   (Dashboard: Southbound Arrivals)

Main Hall:
   Certificate:     mainhall.station.local
   Auto-Login User: hall-display         (Dashboard: All Departures Overview)

Auto-login via URL key

An alternative trigger that does not require a client certificate. Configure the session with a URL login key and an auto-login user, then point the device at the key's URL. 

Session:
   URL Login Key:   dashboardA
   Auto-Login User: display-user

Device opens:  /auto-login/dashboardA

Configuring a session in the UI

1. In Permissions Manager, open the Sessions tab.
2. Click "Configure" on a session card.
3. Select a "Client Certificate" from the dropdown
   (only Client-type certs appear).
4. Select an "Auto-Login User" (the auto-login fields
   only appear once a certificate OR URL key is set).
5. Optionally set a "URL Login Key".
6. Click "Save Configuration".

Common patterns

  • Location-pinned dashboards: give each display its own user with a distinct dashboard so the same physical screen always shows the same location's content.
  • Manual user switching for maintenance: a technician opens the user menu, clicks Switch User, signs in with their own credentials to perform elevated tasks, then logs out to return the display to its auto-login user. The session's auto-login user is preserved across this switch.
  • Operator-scoped access: assign the Operator role (or a custom role with appropriate permissions) to display users so kiosks can interact with controls and dashboards without administrative rights.
  • Automatic expiry recovery: sessions have configurable expiration times; when one expires the device auto-reconnects and re-authenticates using its client certificate, so displays recover without intervention.

Troubleshooting & limitations

Auto-login requires a certificate

A URL login key alone (without a client certificate) allocates a session but does not skip the first sign-in: the user must sign in manually the first time; subsequent connections with the same key then auto-login. For true zero-touch auto-login on every connection, configure a client certificate.

  • Auto-login not working: verify the client certificate is installed correctly and the browser prompts to use it. Without that prompt, ControlBird cannot detect the certificate.
  • Wrong dashboard showing: check that the user's assigned dashboard points to the correct view, that the dashboard is published, and that the user has permission to view it.
  • Cannot delete a session: a slot with an active user cannot be deleted; terminate the session first using the Terminate Session button.
  • Shared certificate contention: if multiple devices share one certificate, only one can be logged in at a time; the rest fail to find an available slot. Issue a unique certificate per device.
  • Wrong certificate type: the certificate type must be Client. Server and CA certificates will not work for client authentication.
  • Expiry disconnections: session expiration can cause a brief disconnect. The device auto-reconnects and re-authenticates, but any unsaved dashboard state is lost.