DEMO ENVIRONMENT — All data is synthetic. No real systems are accessed.

← Demo/MRI profiles200 users

Guided MRI demo

See a representative MRI report flow for a 200-user company

This demo uses representative data, but follows the same report structure, product model, and evidence approach used by the MRI board and technical outputs. Choose a company size, walk through the key screens in plain language, then finish on the generated report views.

MRI is the current public GA surface. The walkthrough shows what MRI can realistically demonstrate today: assessment-style posture, findings, and report outputs. Core is the next governed release path. Enhanced and AISF remain beta-only and should not be read as fully delivered public products.

Start breach narrative Start full portal tour Open demo board report Open demo technical report Open audit readiness report

Identity posture

65/100

Moderate risk, high remediation leverage

Identities analysed

247

10 connected platforms

Telemetry streams

correlated in report output

Projected posture

77/100

after immediate remediation

Active profile

Acme Corp

Concentrated risk in a smaller hybrid estate. The report highlights a few high-impact privilege and secrets issues that can be fixed in one focused sprint.

AudienceSME / lean security team

High-severity findings10

Medium-severity findings16

Top risk themeUnchecked Administrative Privilege Concentration

Company profiles

Switch the entire demo between 200, 2,000, and 20,000 users

200 users

SME

Active

Concentrated risk in a smaller hybrid estate. The report highlights a few high-impact privilege and secrets issues that can be fixed in one focused sprint.

Posture

65/100

Platforms

Findings

Workloads

2,000 users

Mid-market

Cross-platform attack paths, service-account sprawl, and PAM friction require coordinated IAM, Cloud, AppOps, and SecOps ownership.

Posture

58/100

Platforms

Findings

Workloads

20,000 users

Enterprise

Workload identity sprawl, subsidiary trust, legacy authentication, and DevOps pipeline privilege require programme-level investment and governance.

Posture

47/100

Platforms

Findings

Workloads

412

Portal coverage

The demo maps to the governed product modules behind the MRI story

The MRI walkthrough still ends on report output, but it now exposes more of the actual portal surface: compliance, certification, connectors, alerts, and customer operations.

Risk operations

Command Center

Demo portal

Shared posture score, trend, priority queue, platform health, and Cognitia insight.

Identity Discovery

Demo portal

Search and pivot through the identities that feed posture, drift, and report output.

Assessments

Demo portal

Assessment history, latest runs, and packaged outputs anchored to real execution.

Governance and assurance

Comply

Demo portal

Controls, evidence, incidents, DORA, Cyber Essentials, risk register, and crosswalks.

Certify

Portal module

Certification projects, evidence vault, task workflows, and audit-readiness tracking.

MRI report outputs

Demo surface

Board, technical, and audit readiness report views with synthetic data.

Operations and automation

Connectors

Demo portal

Integration status, sync health, tiers, and data-source operational context.

Alerts and response

Demo portal

Thresholds, notifications, and operational response triggers for identity risk.

Admin surfaces

Portal module

Settings, team, API keys, and webhooks for customer-installed operation.

Fidara advisor

Guided help is now integrated

A Fidara advisor launcher is mounted across the demo and app shells. It is available in environments where an advisor endpoint is configured and degrades honestly when it is not.

Current environment

Advisor UI integrated, endpoint not configured here

The launcher and availability handling are wired in. Set NEXT_PUBLIC_ADVISOR_API_URL or NEXT_PUBLIC_ADVISOR_ENABLED to activate it in deployment.

Product tier

MRI

Tour mode

MRI + portal coverage

What the report will show

Identity posture score: 65/100 — moderate; 10 high-severity findings across 10 platforms.
Primary risk: three standing Global Admin accounts with no approval gate, plus a 127-day-old Conditional Access exception covering 14 users.
Cross-platform attack path: Okta SMS user → Entra federation → AWS full admin access in 3 hops.
Secrets hygiene: HashiCorp Vault root token never revoked; GitHub repos store long-lived AWS admin credentials instead of OIDC.
Workload identity hygiene: 5 overprivileged service accounts, 3 unrotated tokens; payment processor holds cluster-admin in Kubernetes.
Immediate actions: revoke Vault root token, migrate GitHub CI to OIDC, scope Kubernetes RBAC, remove 2 of 3 standing Global Admin assignments.

Fix-first priorities

Remove acme.user.alex.johnson and acme.user.bob.smith from permanent Global Administrator; convert to PIM-eligible with Privileged Authentication Administrator as approver.

IAM

Effort: low

Scope Kubernetes ClusterRoleBinding 'acme-admin' to payment-processing namespace only; replace with a namespace-scoped RoleBinding.

AppOps

Effort: low

Disable CA-LegacySMTP-Exception after coordinating alternative auth flow with 14 affected accounts; document business justification or set a 30-day mandatory review date.

IAM

Effort: medium

Evidence snapshot

The walkthrough now lands on this report output

Compare both demo report views

Entra ID

Three user accounts hold permanent Global Administrator role assignments without PIM activation gate.

F-200-001

AWS IAM

Lambda execution role acme.role.lambda-processor has wildcard action and resource in inline policy.

F-200-002

Okta

34 finance user accounts enrolled with SMS OTP only; no phishing-resistant factor available.

F-200-003

Google Cloud IAM

Service account acme.service.data-pipeline has project-level Editor role with 183-day-old unrotated key.

F-200-004

Kubernetes

ClusterRoleBinding 'acme-admin' binds cluster-admin to acme.service.payment-processor at cluster scope.

F-200-005