The Skedda Companion App is a lightweight desktop app for Mac and Windows that automatically verifies your office presence and checks you into bookings - no browser tab, no manual interaction required.
Once installed and signed in, the app runs quietly in the background. When your laptop connects to the office network, Skedda marks you as seen on-site and, if your workplace has enabled it, automatically checks you into eligible bookings.
How It Works
1. Your admin sets up occupancy tracking - Your workplace configures Skedda to recognise when devices connect to the office network and optionally enables automatic check-in rules for bookings.
2. You install the app once - Download and install the Companion App on your work device. Your IT team may do this for you automatically.
3. Sign in once - Open the app and sign in with your Skedda account. You'll stay signed in across restarts.
4. Skedda handles the rest - When you arrive at the office and your laptop connects to the network, you're automatically marked as on-site and checked into eligible bookings.
Installing the Companion App
1. Download the installer for your operating system:
- Mac (Apple Silicon / M1–M4): Download ARM
- Mac (older Intel): Download Intel
- Windows: Download Windows installer
Not sure which Mac version you need?
Click the Apple icon (top-left) → About This Mac → Chip If it says Apple M1/M2/M3/M4, choose ARM. If it says Intel, choose Intel.
2. Run the installer.
Installation is lightweight (a few MB). Your device may prompt for your system password.
3.The app launches automatically after installation.
Finding the App After Installation
The Companion App does not appear in your Dock (Mac) or on your Taskbar (Windows). It lives in your system tray or menu bar.
Mac: Look in the menu bar at the top-right of your screen for the Skedda icon.
Windows: Look in the system tray at the bottom-right of your taskbar. You may need to click the "^" arrow to expand hidden tray icons.
Signing In
1. Click the Skedda icon in your menu bar or system tray.
2. Click Sign In.
3. If you're already signed into Skedda in your browser, the sign-in completes quickly. If not, log in as normal, then reopen the Companion App to complete the handoff.
4. You're done - sign-in persists across restarts, so this is a one-time step.
Day-to-Day Use
There's nothing you need to do after the initial setup. Here's what happens in the background:
1. You arrive at the office with your work laptop.
2. Your laptop connects to the office network.
3. The Companion App detects the connection and checks your IP against your venue's configured office network.
4. If there's a match, you're marked seen on-site in Skedda.
5. If you have a booking with an open check-in window and your workplace has enabled automatic check-in, Skedda checks you in automatically.
Note: You do not need to open Skedda or do anything manually. The app starts automatically when your laptop boots up.
Important to Know
The app must stay running for occupancy tracking and automatic check-in to work. If you sign out of or quit the app, it will no longer track your presence until you reopen and sign back in.
Automatic check-in is optional: it must be enabled by your Skedda administrator. If you're being marked on-site but not checked into bookings, check with your admin.
No precise location tracking: the app only checks whether your device is on a specified office network. It does not track your location beyond that.
FAQs
Do I need to open Skedda when I arrive at the office?
Do I need to open Skedda when I arrive at the office?
No. The Companion App verifies your presence automatically in the background when your laptop connects to the office network.
Does my administrator need to do anything?
Does my administrator need to do anything?
Yes - your admin needs to enable occupancy tracking and add the office's public IP address in Skedda settings. If you expect automatic check-ins, they also need to enable that in the relevant check-in rules.
I installed the app but wasn't automatically checked into my booking. What happened?
I installed the app but wasn't automatically checked into my booking. What happened?
Automatic check-in is an optional feature that must be enabled by your admin. Check with your IT team or Skedda administrator to confirm whether automatic check-in rules have been set up for your workplace.
Do I need to keep Skedda open in my browser?
Do I need to keep Skedda open in my browser?
No. The Companion App runs passively in the background and persists across restarts. There's no need to keep a browser tab open.
The app signed me out - what do I do?
The app signed me out - what do I do?
Open the app from your menu bar (Mac) or system tray (Windows) and sign in again. Once signed in, it will resume tracking automatically.
Can I use this on a personal device?
Can I use this on a personal device?
The Companion App is designed for company-managed work laptops. Using it on a personal device is possible but not recommended. Check with your IT team or admin.
Is my data secure?
Is my data secure?
Yes. Occupancy tracking uses your organisation's public IP addresses, and Skedda protects all data with encryption in transit, encryption at rest, and standard access controls. Occupancy data is not shared with third parties. By default, it is retained for 1 month and then deleted — your admin can adjust this period in Skedda's Data Retention settings.
I'm an IT admin and need to understand the security posture for this application. Where is this information?
I'm an IT admin and need to understand the security posture for this application. Where is this information?
Below you can find a comprehensive security-related overview of the Skedda Companion app.
1. Functionality Overview
1.1 What the Companion app does
The Skedda Companion is a lightweight, native system-tray application that helps improve on-site detection accuracy for Skedda customers.
A user installs Companion on their device. While it runs, the app periodically "pings" or "calls" the Skedda backend from the user's current network. The backend looks at the public IP the incoming request is associated with, compares it to the venue's configured on-site network ranges, and — if the IP matches — marks the user as "seen-on-site" for that day. If the venue has auto-check-in enabled, this implies the user is automatically checked into their bookings for that day.
The app has no main window; its entire UI is a system-tray icon and menu.
1.2 End-to-end flow
Sign in. User clicks "Sign in…" in the tray menu; the default browser opens Skedda's Companion sign-in page.
Auth redirect. Skedda redirects to
skedda-companion://auth?token=…carrying an on-site-detection-scoped token (see §2.1 for what this token can and cannot do).Token persistence. Companion validates the deep link strictly and stores the token in the OS keychain.
Pings. The Companion calls the Skedda backend over HTTPS on a schedule — the backend always responds with the next time the Companion should call again, depending on the venue's opening hours and the user's upcoming bookings. OS network-change events also trigger an immediate call, in addition to the scheduled ones.
Server-side decision. Skedda identifies the user from the token, compares the request's source IP to the venue's on-site-network configuration, and — if the IP matches — marks the user "seen-on-site". If the venue has auto-check-in enabled, this implies their bookings for that day are then auto-checked-in.
App updates. 30 s after launch and every 24 h thereafter, the app checks for signed updates and applies them silently.
1.3 Architecture at a glance
Companion is a tray-only native Rust app built on Tauri v2. It has no webview — no HTML, no JavaScript, no remote content is ever loaded or rendered inside the app. This removes the entire "insecure webview" threat class (no CSP bypass, no XSS, no devtools exposure). The only code that ever runs inside the app is the build-time application core plus the Tauri plugins it bundles; no code is loaded from the network or from user-supplied input at runtime.
Ships as: macOS .app/.dmg, Windows NSIS (per-user install, no admin rights required), Linux bundles.
2. Data the App Handles
2.1 Token scope — not a general-purpose Skedda token
The token stored by Companion is not a general Skedda login or web-session token. It is issued specifically for Skedda's native client applications (the Companion desktop app and Skedda's mobile apps that assist on-site detection by pinging the backend on the user's behalf — the backend itself performs the on-site detection). Its only valid use is the on-site-detection flow in §1.2.
The token does not grant the ability to sign into the Skedda app, read or change bookings directly, view other users' data, or call any other Skedda API.
2.2 Inventory
Item | What it is | How it moves | Where it lives on the device |
On-site-detection token | Encrypted bearer token that identifies the user for on-site detection (§2.1) | Received via | OS keychain ( |
Local log entries | Timestamps, masked tokens ( | Never transmitted anywhere | OS log directory; rotated at 5 MB, 3 files retained |
Network-change signals | OS notifications that the device's IP or interface changed | Not transmitted — used only as a trigger to send a timely ping | Not stored |
2.3 What is NOT collected
Companion has no code path to collect: hostname, device name, MAC address, Wi-Fi SSID/BSSID or nearby networks, file contents, installed apps, browser history, keystrokes, screen/clipboard contents, microphone/camera/GPS, or any third-party analytics/telemetry/crash-reporting SDK.
2.4 Retention on your device
Data | Retention |
Token in OS keychain | Until sign-out, uninstall, or manual removal |
Token in process memory | Until the app quits |
Log files | Rolling — max 5 MB/file, 3 files, oldest auto-deleted |
Ping payloads & network-change events | Not retained |
Server-side processing (retention, purpose, sub-processors, deletion rights) is governed by the Skedda Privacy Policy and DPA, not by this document.
3. What the App Can Access on Your Device
3.1 Summary
Resource | Scope the app uses |
Keychain / credential store | One entry only: service |
Deep-link URL scheme | One scheme only: |
Filesystem | Its own log directory and the OS-managed updater staging directory. No other paths. |
Network | Outbound HTTPS only, to subdomains of your Skedda authority (e.g. |
Network-change notifications | Read-only OS events used as a ping trigger. No packets sent. |
System notifications | Posts its own notifications with hardcoded text. |
Launch at login | Per-user autostart entry (removable from the OS UI). |
Shell / other processes | Opens the user's default browser to one app-constructed Skedda URL during sign-in. No other process execution. |
Webview / embedded HTML | None. |
Camera / microphone / location / contacts | None. No plugin or crate for any of these is included. |
3.2 Controls an IT admin can enforce
The scopes above are what the app asks for. An admin can independently enforce that boundary at the OS or network layer, so that any future version, supply-chain incident, or runtime compromise would still fail if the app strayed outside this behaviour.
Network egress (most impactful). Allowlist outbound HTTPS from Companion to
*.<your-Skedda-authority>:443only (e.g.*.skedda.com:443, which covers both theapp.host used for pings and thecdn.host used for signed update artifacts); deny everything else. Effective via corporate egress proxy, Windows Defender Firewall per-app rule (deployable via Group Policy/Intune), macOS MDM (Jamf/Kandji/Intune) application-layer firewall or Little Snitch, or Linux nftables/AppArmor. This single control caps every remote-reachable threat — the app has no other endpoints.Filesystem. macOS PPPC profile denying Companion access to Documents, Desktop, Downloads, iCloudDrive, NetworkVolumes, Camera, Microphone, Accessibility, Full-Disk. Windows Controlled Folder Access with Companion not on the allow-list. Linux AppArmor/SELinux profile pinning Companion to its log + updater dirs + keyring DBus path.
Code integrity. Windows WDAC or AppLocker allowlisting only the Skedda-signed Authenticode publisher. macOS Gatekeeper + Notarization enforcement via MDM, optionally Santa in lockdown with a binary rule. Linux SELinux in enforcing mode.
Autostart. macOS MDM Managed-Login-Items, Windows Group Policy on
HKCU…Run, Linux configuration management for~/.config/autostart/.
4. Integrity & Trust
4.1 Network transport
All outbound traffic is HTTPS via reqwest with the OS trust store (SChannel on Windows, Secure Transport on macOS, system roots on Linux). https:// is hardcoded; there is no plaintext HTTP in production. Connect timeout 10 s, request timeout 30 s. No URL, header, or payload field is sourced from untrusted input at runtime.
4.2 Deep-link validation
The skedda-companion:// handler parses the URL with a standard library, then requires scheme skedda-companion, host auth, a single non-empty token query parameter of at most 4 096 bytes; duplicate or extra token keys are rejected. A tauri-plugin-single-instance guard ensures a second-launch forwards its deep link into the running process (no race).
4.3 Signed updates
App updates are delivered via the Tauri updater plugin. The update manifest is fetched from app.<your-authority> and the signed artifact is downloaded from cdn.<your-authority>. Every downloaded artifact is verified against a minisign public key embedded in the app binary before install; unsigned or mismatched payloads are rejected. Checks occur 30 s after launch and every 24 h; Windows installs run in passive NSIS mode without UAC (per-user scope).
4.4 Code signing & distribution
macOS —
.app+.dmgbundle. App usesAccessoryActivationPolicyto stay out of Dock/Cmd-Tab. Signing + notarization enforced in release CI.Windows — NSIS per-user installer (
installMode: currentUser, no admin elevation). Authenticode signed in release CI.Linux — standard Tauri bundles.
4.5 Secret storage
The token is held in the OS keychain via the keyring crate: macOS Keychain, Windows Credential Manager, Linux Secret Service. Service com.skedda.companion, account user-token. Writes are verified via read-back; memory cache covers transient keychain failures. Sign-out clears both memory and keychain.
4.6 Logging
Structured logs via tauri-plugin-log to the OS log directory (stdout only in debug builds). 5 MB rotation, 3 files retained. Tokens are always masked to ***<last-3-chars>; request and response bodies are never logged verbatim.
4.7 Supply chain
Production dependencies are a small, audited set: Tauri v2 (core + updater/deep-link/autostart/notification/single-instance/log plugins), reqwest (HTTPS), keyring (OS credential store), tokio (minimal feature set), serde, url. No third-party JavaScript ships in the binary (the only Node dependency is @tauri-apps/cli for build scripts). The repo runs routine dependency audits to surface advisories in these crates.
5. References
Skedda Data Processing Agreement: Please contact your Skedda Account Representative.