External Publication Groups and Data Privacy concerning Buzz & Search

We are currently using External Publication Groups to give external clients access to select pages of data.

We also limit the data on select columns that they have access to inside the Publication Group settings.

The contacts we create for these pages and publication groups have no access to any other pages or cards inside the admin settings.

 

We have discovered an issue with this setup and cannot find a solution.

The issue is that these contacts have access to Buzz and Search in their Domo account.

Within Buzz they are able to message any user or group in our contact list in Domo.

Within Search they are able to view results for Buzz, People, Connectors, Help Center, Available Apps and Groups.

 

Search is particularly concerning for us as they can view all their competitors' details including Names, Email Addresses and Phone Numbers.

 

https://knowledge.domo.com/@api/deki/files/4011/WhenToUsePDP_vs_PubGroups_v4.pdf?revision=1

In this support document it states that Publication Groups are best to use for External Clients.

And it specifically states that it "prohibits external pub group users from Buzzing or interacting with anyone else".

 

Is this a known bug/issue? Or am I missing something really obvious in the settings?

 

Many thanks

Jonathan


Comments

  • We’re dealing with the same issue.  It’s frightening how much user content/communication everyone in our Domo instance can access regardless of security role or content sharing.

     

    For your particular question regarding Publication Groups prohibiting external users from Buzzing or Interacting with anyone else, there’s a small section of the “Setting Up Publication Groups” help page https://knowledge.domo.com/Administer/Controlling_Access_in_Domo/055Setting_Up_Publication_Groups that details how you can add a -ss to your instance’s domain (e.g. domain-ss.domo.com) and it’s at this modified URL location where search and buzz seem to be turned off.

     

    However, that being said it would still be good to hear from someone with Domo about how exactly this works…

    • Is there a way to force people to log in through the -ss option?  We’ve shared our original instance URL with our external users, so what’s to stop them from continuing to use the unmodified URL?
    • How exactly does Single Sign-On fit in?  It's referenced as needed for the publication groups, but I was able to test the -ss option with our standard Domo login approach.
    • Are there other options?
      • Can we simply turn off buzz and search in our instance?
      • I've heard about creating custom security roles (aka a modified participant that doesn't have access to buzz for example).  Has there been any progress on this feature?
      • Ideally, it would be great if a user could only search-for or chat-with the people they shared content with (just like it already does with cards).

    Thanks,

    Tom

  • Hi Tom,

    Thanks for your comments.

    Domo got back to me on this topic outside of this forum.

    Limiting Buzz and Search to third parties does require -ss.domo.com but in order for it to work correctly you actually need to isolate the users by using an SSO service. 

    Domo pointed me to a service called Okta - they have a partnership with them. You manage users inside Okta, they can use any email address, and you assign the Domo app to the users in Okta. Then in Domo you enter the email address of the user in the SSO box within the publication group admin. 

    I agree there should be more documentation on this.

    But moreover I believe more granular access privileges would solve this - being able to turn off Buzz and Search within the Domo account.

    Thanks

    Jonathan

This discussion has been closed.