DEMO ENVIRONMENT — All data is synthetic. No real systems are accessed.

← Demo/MRI profiles2,000 users

Guided MRI demo

See a representative MRI report flow for a 2,000-user company

This demo uses representative data, but follows the same report structure, product model, and evidence approach used by the MRI board and technical outputs. Choose a company size, walk through the key screens in plain language, then finish on the generated report views.

MRI is the current public GA surface. The walkthrough shows what MRI can realistically demonstrate today: assessment-style posture, findings, and report outputs. Core is the next governed release path. Enhanced and AISF remain beta-only and should not be read as fully delivered public products.

Start breach narrative Start full portal tour Open demo board report Open demo technical report Open audit readiness report

Identity posture

58/100

Moderate-elevated risk, coordinated remediation required

Identities analysed

2,014

13 connected platforms

Telemetry streams

correlated in report output

Projected posture

71/100

after immediate remediation

Active profile

Acme Corp

Cross-platform attack paths, service-account sprawl, and PAM friction require coordinated IAM, Cloud, AppOps, and SecOps ownership.

AudienceMid-enterprise / cross-functional security programme

High-severity findings23

Medium-severity findings37

Top risk themeCross-Platform Attack Chains Bypass Individual Platform Controls

Company profiles

Switch the entire demo between 200, 2,000, and 20,000 users

200 users

SME

Concentrated risk in a smaller hybrid estate. The report highlights a few high-impact privilege and secrets issues that can be fixed in one focused sprint.

Posture

65/100

Platforms

Findings

Workloads

2,000 users

Mid-market

Active

Cross-platform attack paths, service-account sprawl, and PAM friction require coordinated IAM, Cloud, AppOps, and SecOps ownership.

Posture

58/100

Platforms

Findings

Workloads

20,000 users

Enterprise

Workload identity sprawl, subsidiary trust, legacy authentication, and DevOps pipeline privilege require programme-level investment and governance.

Posture

47/100

Platforms

Findings

Workloads

412

Portal coverage

The demo maps to the governed product modules behind the MRI story

The MRI walkthrough still ends on report output, but it now exposes more of the actual portal surface: compliance, certification, connectors, alerts, and customer operations.

Risk operations

Command Center

Demo portal

Shared posture score, trend, priority queue, platform health, and Cognitia insight.

Identity Discovery

Demo portal

Search and pivot through the identities that feed posture, drift, and report output.

Assessments

Demo portal

Assessment history, latest runs, and packaged outputs anchored to real execution.

Governance and assurance

Comply

Demo portal

Controls, evidence, incidents, DORA, Cyber Essentials, risk register, and crosswalks.

Certify

Portal module

Certification projects, evidence vault, task workflows, and audit-readiness tracking.

MRI report outputs

Demo surface

Board, technical, and audit readiness report views with synthetic data.

Operations and automation

Connectors

Demo portal

Integration status, sync health, tiers, and data-source operational context.

Alerts and response

Demo portal

Thresholds, notifications, and operational response triggers for identity risk.

Admin surfaces

Portal module

Settings, team, API keys, and webhooks for customer-installed operation.

Fidara advisor

Guided help is now integrated

A Fidara advisor launcher is mounted across the demo and app shells. It is available in environments where an advisor endpoint is configured and degrades honestly when it is not.

Current environment

Advisor UI integrated, endpoint not configured here

The launcher and availability handling are wired in. Set NEXT_PUBLIC_ADVISOR_API_URL or NEXT_PUBLIC_ADVISOR_ENABLED to activate it in deployment.

Product tier

MRI

Tour mode

MRI + portal coverage

What the report will show

Identity posture score: 58/100 — moderate-elevated; 23 high and 37 medium findings across 11 platforms.
Critical path: Okta analyst account → Entra federation → AWS AdministratorAccess in 3 hops; extends to 2 subsidiary AWS accounts.
PAM gaps: CyberArk has 23 accounts without dual-control and a shared VaultAdmin credential; BeyondTrust production/dev jump clients not zone-segregated.
GitHub CI risk: 47 workflows use long-lived cloud credentials instead of OIDC; 4 org owners bypass enterprise SSO via personal accounts.
Service account sprawl: 86 AD service accounts (23 overprivileged), 14 GCP service accounts (6 unrotated keys, 3 committed to CI/CD).
IaC drift: 5 confirmed drift events across Entra, AWS, GCP, Okta, and Kubernetes; average drift age 74 days without remediation.

Fix-first priorities

Add aws:MultiFactorAuthPresent and aws:RequestedRegion condition keys to acme.role.cloud-admin SAML trust policy; restrict session duration to 1 hour.

Cloud

Effort: low

Revoke all 3 GCP service-account keys committed to acme-ci-pipeline repository; rotate immediately; migrate to Workload Identity Federation for CI/CD GCP access.

Cloud

Effort: medium

Disable the 2 Okta API tokens owned by deprovisioned users (acme.user.former.employee1, acme.user.former.employee2); audit all API tokens against active user list.

IAM

Effort: low

Evidence snapshot

The walkthrough now lands on this report output

Compare both demo report views

Entra ID

6 permanent Global Admin assignments; 0 PIM eligible schedules.

F-2K-001

AWS IAM

SAML trust role acme.role.cloud-admin has AdministratorAccess and no condition keys.

F-2K-002

Okta

4 Okta super-admins authenticate from named network zone without FIDO2.

F-2K-003

Google Cloud IAM

3 SA keys committed to CI/CD repo; all unrotated >90 days.

F-2K-004

Kubernetes

4 cluster-admin ClusterRoleBindings to workload service accounts across 4 namespaces.

F-2K-005