DEMO ENVIRONMENT — All data is synthetic. No real systems are accessed.

← Demo/MRI profiles20,000 users

Guided MRI demo

See a representative MRI report flow for a 20,000-user company

This demo uses representative data, but follows the same report structure, product model, and evidence approach used by the MRI board and technical outputs. Choose a company size, walk through the key screens in plain language, then finish on the generated report views.

MRI is the current public GA surface. The walkthrough shows what MRI can realistically demonstrate today: assessment-style posture, findings, and report outputs. Core is the next governed release path. Enhanced and AISF remain beta-only and should not be read as fully delivered public products.

Start breach narrative Start full portal tour Open demo board report Open demo technical report Open audit readiness report

Identity posture

47/100

Elevated risk, programme-level response required

Identities analysed

20,341

16 connected platforms

Telemetry streams

correlated in report output

Projected posture

62/100

after immediate remediation

Active profile

Acme Corp

Workload identity sprawl, subsidiary trust, legacy authentication, and DevOps pipeline privilege require programme-level investment and governance.

AudienceLarge enterprise / board-sponsored programme

High-severity findings51

Medium-severity findings96

Top risk themeAn Entire Cloud Environment Can Fall to a Single Subsidiary Breach

Company profiles

Switch the entire demo between 200, 2,000, and 20,000 users

200 users

SME

Concentrated risk in a smaller hybrid estate. The report highlights a few high-impact privilege and secrets issues that can be fixed in one focused sprint.

Posture

65/100

Platforms

Findings

Workloads

2,000 users

Mid-market

Cross-platform attack paths, service-account sprawl, and PAM friction require coordinated IAM, Cloud, AppOps, and SecOps ownership.

Posture

58/100

Platforms

Findings

Workloads

20,000 users

Enterprise

Active

Workload identity sprawl, subsidiary trust, legacy authentication, and DevOps pipeline privilege require programme-level investment and governance.

Posture

47/100

Platforms

Findings

Workloads

412

Portal coverage

The demo maps to the governed product modules behind the MRI story

The MRI walkthrough still ends on report output, but it now exposes more of the actual portal surface: compliance, certification, connectors, alerts, and customer operations.

Risk operations

Command Center

Demo portal

Shared posture score, trend, priority queue, platform health, and Cognitia insight.

Identity Discovery

Demo portal

Search and pivot through the identities that feed posture, drift, and report output.

Assessments

Demo portal

Assessment history, latest runs, and packaged outputs anchored to real execution.

Governance and assurance

Comply

Demo portal

Controls, evidence, incidents, DORA, Cyber Essentials, risk register, and crosswalks.

Certify

Portal module

Certification projects, evidence vault, task workflows, and audit-readiness tracking.

MRI report outputs

Demo surface

Board, technical, and audit readiness report views with synthetic data.

Operations and automation

Connectors

Demo portal

Integration status, sync health, tiers, and data-source operational context.

Alerts and response

Demo portal

Thresholds, notifications, and operational response triggers for identity risk.

Admin surfaces

Portal module

Settings, team, API keys, and webhooks for customer-installed operation.

Fidara advisor

Guided help is now integrated

A Fidara advisor launcher is mounted across the demo and app shells. It is available in environments where an advisor endpoint is configured and degrades honestly when it is not.

Current environment

Advisor UI integrated, endpoint not configured here

The launcher and availability handling are wired in. Set NEXT_PUBLIC_ADVISOR_API_URL or NEXT_PUBLIC_ADVISOR_ENABLED to activate it in deployment.

Product tier

MRI

Tour mode

MRI + portal coverage

What the report will show

Identity posture score: 47/100 — elevated; 51 high and 96 medium findings across 11 platforms; risk trajectory is worsening.
Primary cluster 1: Workload identity sprawl — 412 service accounts, 124 overprivileged, 89 stale, 67 long-lived tokens.
Primary cluster 2: Legacy authentication — 340 accounts bypass MFA and Conditional Access via NTLM/Basic auth across 7 subsidiary domains.
Primary cluster 3: DevOps pipeline privilege — 127 GitHub OIDC workflows unconstrained; build pipelines can modify production infrastructure.
PAM cluster: CyberArk — 234 accounts rotation disabled, 89 Conjur secrets exposed as env vars, PVWA recording disabled for 312 accounts.
MIM self-service allows Tier-0 group membership changes without approval; MIM sync account has Domain Admin rights.

Fix-first priorities

Scope Azure DevOps service connection acme-ado-pipeline-prod from subscription-level to resource-group Contributor; review all 12 ADO service connections against least-privilege baseline.

Cloud

Effort: medium

Add sts:SourceIdentity and aws:PrincipalTag[K8sNamespace] condition keys to all 89 IRSA role trust policies; prioritise the 23 roles with s3:* or dynamodb:* on Resource:*.

Cloud

Effort: high

Revoke and rotate all 12 GCP SA keys committed to version control repositories; immediately disable keys found in public-facing repos; initiate incident assessment for potential prior exposure.

Cloud

Effort: medium

Evidence snapshot

The walkthrough now lands on this report output

Compare both demo report views

Entra ID

12 permanent Global Admin assignments; no PIM; 3 accounts inactive >45 days.

F-20K-001

Entra ID

340 accounts using legacy NTLM or Basic auth; bypass Conditional Access and MFA.

F-20K-002

Entra ID

2 vendor SAML federation trusts active with no sign-in in >180 days.

F-20K-003

AWS IAM

47 cross-account trust roles lack condition keys; compromise of shared-services propagates to all.

F-20K-004

AWS IAM

8 S3 buckets with internal data have public ACLs; 3 are publicly readable.

F-20K-005