Mesh Dashboard

The multi-tenant web console for administering a Lattix tenant.

The Mesh Dashboard is the web console. It is where administrators configure the tenant, where authors manage policies and tag schemas, where analysts review audit events, and where users interact with protected data through Passport and Data Rooms.

The dashboard is served at a tenant-specific subdomain (e.g. your-org.lattix.io). Identity is provisioned through your configured identity provider — see Configuration → Identity.

Core surfaces

Organization settings. Tenant-wide configuration: identity provider, default encryption backend, subdomain, branding, retention baseline. Typically touched at onboarding and reviewed periodically.

Policy Engine. Author, test, and publish access policies. Supports staging and review workflows so changes can be approved before going live. See Products → Policy Engine.

Key Management. Connect to your KMS or HSM backend, view the key inventory, trigger rotations, and monitor rotation status. See Products → Key Management.

Tag Schema. Define the classifications the organization recognizes, the values each tag may take, and which combinations require review. See Configuration → Tag Schema.

Connectors. Enable and configure integrations with the cloud storage and application sources your data already lives in. See Products → Connectors.

Audit. Query the Immutable Ledger, export evidence packs, and manage retention. See Products → Immutable Ledger.

Passport and Data Rooms are user-facing surfaces accessible from the main dashboard navigation once enabled by an administrator.

Role model

Within a tenant, the dashboard distinguishes broad permission tiers:

  • Tenant owners — full administrative control, including identity provider and billing.
  • Security administrators — policies, key management, tag schema, and audit.
  • Data stewards — tag schema and classification oversight, but not policy or key management.
  • Members — access Passport and Data Rooms according to policy; no administrative scope.
  • Read-only — audit and review permissions without the ability to make changes.

Role assignments are synchronized with the identity provider by mapping claims from the identity token to dashboard roles. Administrators never log in with a password stored by Lattix; authentication is always federated.
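The claim-to-role mapping described above can be sketched as follows. This is an added example, not Lattix code or its configuration format: the `groups` claim name, the group values, the role and surface identifiers, and the reading of each tier's scope are assumptions made for illustration. It assumes the ID token's signature, issuer and audience have already been verified.

```python
# Added illustration. All identifiers below are hypothetical, not Lattix's own.
ADMIN_SURFACES = {"organization_settings", "policy_engine", "key_management",
                  "tag_schema", "connectors", "audit"}

# role -> (administrative surfaces, may make changes), read from the tier list above.
ROLES = {
    "tenant_owner":   (ADMIN_SURFACES, True),
    "security_admin": ({"policy_engine", "key_management", "tag_schema", "audit"}, True),
    "data_steward":   ({"tag_schema"}, True),
    "member":         (set(), False),   # Passport / Data Rooms only, no admin scope
    "read_only":      ({"audit"}, False),
}

# Constructed IdP group values mapped to dashboard roles.
GROUP_TO_ROLE = {
    "lattix-owners":    "tenant_owner",
    "lattix-secadmins": "security_admin",
    "lattix-stewards":  "data_steward",
    "lattix-members":   "member",
    "lattix-auditors":  "read_only",
}

def roles_from_claims(claims, claim_name="groups"):
    """Map claims from an already-verified ID token to roles, failing closed."""
    raw = claims.get(claim_name, [])
    if isinstance(raw, str):            # some IdPs emit a single group as a string
        raw = [raw]
    if not isinstance(raw, (list, tuple)):
        return set()                    # malformed claim: grant nothing
    # Unknown or non-string entries are ignored rather than given a default role.
    return {GROUP_TO_ROLE[g] for g in raw
            if isinstance(g, str) and g in GROUP_TO_ROLE}

def allowed(roles, surface, change=False):
    """True if any held role covers the surface (and changes, when requested)."""
    for role in roles:
        surfaces, may_change = ROLES[role]
        if surface in surfaces and (may_change or not change):
            return True
    return False

if __name__ == "__main__":
    held = roles_from_claims({"sub": "u1", "groups": ["lattix-stewards", "eng-all"]})
    print(held, allowed(held, "tag_schema", change=True), allowed(held, "key_management"))
```

The point to carry over to any real mapping is the fail-closed behaviour: a missing, malformed or unrecognised claim yields no role rather than a default one.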

Branding and subdomain

Each tenant is served at its own subdomain for isolation. Administrators can set the organization's display name, logo, and accent color within the dashboard. These are cosmetic — they have no effect on the underlying security boundary.

The administrative workflow

A typical administrative session:

  1. Sign in at the tenant subdomain via the configured identity provider.
  2. Review the audit digest (unusual denials, new tag combinations, expiring keys).
  3. Action any pending policy review requests.
  4. Confirm any pending tag schema changes.
  5. Sign out. All session state is bounded.

Routine user sessions (consuming data in Passport, collaborating in a Data Room) do not touch the administrative surfaces.