Domo Integration¶
Domo can remain the client-facing presentation layer for live business deliverables and account dashboards, while LeafEnterprise owns deterministic backend policy, calculations, evidence, and generated outputs.
The intended model is dual enforcement:
- Domo PDP protects Domo-native cards, datasets, and App Studio views.
- LeafEnterprise backend authorization protects APIs, generated artifacts, AI summaries, savings/audit packets, and dashboard-ready extracts.
Client dropdowns inside a dashboard are not a security boundary. They are user experience controls only. The security boundary must be Domo PDP, LeafEnterprise backend authorization, or both.
Intended Domo-Native Pattern¶
flowchart LR
User[Customer user] --> Identity[Domo identity / SSO / private embed]
Identity --> Group[Domo group per customer/account/scope]
Group --> App[Shared App Studio app/page/card]
App --> PDP[PDP row and column policies]
PDP --> Data[Allowed dataset rows/columns]
Data --> Cards[Dashboard cards]| Step | Requirement |
|---|---|
| Identity | Customer has a Domo user identity, SSO-backed access, or private embed access. |
| Group | User belongs to the customer/account/contract-scope group. |
| Content sharing | App Studio app, page, dashboard, or card is shared with that group. |
| PDP | Dataset row/column policies restrict rows and sensitive fields for that group. |
| Rendering | Cards render only data the user/group is entitled to see. |
Current Recovered Domo Signal¶
The recovered Leaf IQ Domo catalog indicates the client-dashboard estate already uses this pattern for high-signal datasets:
| Dataset | PDP | Cards tied to dataset |
|---|---|---|
Client Data for Reporting - Production |
enabled | 89 |
Client Data for Reporting |
enabled | 162 |
Source artifact: C:\Users\LoganKronforst\Dev\leaf-iq\docs\catalog\client-dashboard-takeover-map.md.
That is strong evidence that Domo was already using PDP for the client dashboard surface, but it is not enough by itself. LeafEnterprise still needs backend scope enforcement for any API-driven, generated, or AI-assisted output.
Security Boundary Rule¶
| Mechanism | Security role |
|---|---|
| Domo group membership | Controls which users receive shared Domo content and PDP policies. |
| Domo PDP | Filters rows and masks columns for Domo-native datasets/cards. |
| Domo dropdown/filter | UX only unless the underlying data is already scoped by PDP or backend policy. |
| LeafEnterprise authorization | Required for APIs, artifacts, AI summaries, exports, packets, and backend-generated extracts. |
| Cloudflare/Entra | Perimeter identity for LeafEnterprise internal tools and docs; not a replacement for data-scope enforcement. |
External Documentation Basis¶
Domo's PDP documentation describes dataset-level row and column policies for users and groups, including row filtering and column masking for sensitive values. Domo's governance overview lists PDP, groups, and SSO as governance/security mechanisms. Domo's embed documentation distinguishes public and private embed and states that private embed can be paired with SSO/PDP or programmatic filtering.
References: