Permissions and Logins for Check-in
You may want to delegate the setting up of check-in to either other admins or group leaders in your church, so you'll need to look at the permissions required or set up the check-in PIN to enable leaders to launch the check-in kiosk for their group.
When anyone goes to [site url]/checkin they are prompted for a login. This needs to be a login that has Attendance permission over the groups that you want to run check-in for. Once logged-in and the kiosk is launched, there is a yellow warning banner that says "Warning: you are currently logged-in to the Web Office: click here to log-out (but keep using this kiosk)". That saves an authorisation token on that browser to allow the check-in kiosk to keep running with the attendance permissions from that user, but stops anyone using the login for anything else.
Only once the "log-out but keep using the kiosk" link has been clicked is the Leader PIN required to access the leader functions (so that the tablet can be left unattended and the public can't access the leader functions).
So various people use various options:
Option 1: You log-in on all the tablets with your Hubb login, then clicks the "Logout but keep using kiosk" link. You then give your leaders the Leader PIN, which they'll need to access any leader functions.
Option 2: Each leader is given a Hubb login with attendance permission and they use this to launch the check-in kiosk. If they are leaving the tablet unattended, they can click the "Logout but keep using the kiosk" link and then use the Leader PIN to access leader functions. Or if they are watching over the tablet, they can just ignore the orange warning banner about being logged-in, and because they are staying logged-in, they won't be prompted for the Leader PIN to access the leader functions. The benefit of this option is that individual leaders can be given attendance permission only on the groups they are allowed to check-in.
Option 3: One "check-in" Hubb login is created with attendance permissions, and these login details are shared with all leaders. Everyone can then use the same login to launch a check-in kiosk, and then either stay logged-in, or logout and use the Leader PIN depending on whether the tablet will be left unattended. This login isn't isn't capable of much, so the security risk is limited.
For example, the Tuesday Small Groups event might have multiple check-in groups assigned in the event edit dialog (e.g. one for each small group) and if the individual logins are only given attendance permission over their specific group, only that group will show when they come to launch the check-in kiosk, and they will only be able to see the register for that group.
But as an admin who has attendance permission over all groups, you'll see all groups available when launching the kiosk and could launch one kiosk to check-in all the groups. So on a normal week, individual house group leaders might use their phone to go to the check-in register and mark who in their group is present. But each month if you have an all-together session, you (or someone with full attendance permissions) could set up a kiosk at the entrance to the church where all groups can check-in and print a name label just for that week.
On a normal Sunday though, it's probably best to have all kiosks being able to check-in all groups, as then a family turning up can check-in all their kids in one go from the same kiosk. In which case I think most churches just go for the single check-in login that all leaders use that has attendance over all Sunday groups. And then if they are always monitoring the tablets, they don't bother clicking the "log-out" link and they just ignore the warning, but therefore they never need to use the leader PIN.