Golden rule. Demo against demo.staging.app.rapidvalue.eu — never against prod tenants. The staging demo tenant has pre-seeded "Charlotte the over-permissioned admin" + 53 product screenshots + IVIP fixtures (3 SoD rules + 30d risk-trend + dormant grants).

Live demo URLs

| Purpose | URL | Notes |
|---|---|---|
| Public marketing | www.rapidvalue.eu | Netlify — share with prospects |
| Pricing page | /pricing.html | List prices anchor for negotiation |
| Demo tenant app | demo.staging.app.rapidvalue.eu | Use for screen-share demos |
| Demo tenant API | demo.staging.app.rapidvalue.eu/api/v1 | OpenAPI: /docs if exposed |
| Staging app (default tenant) | staging.app.rapidvalue.eu | For test-account development |
| Staging ops portal | staging.ops.rapidvalue.eu | Platform-admin (vendor-internal) |
| Prod tenant app | app.rapidvalue.eu | Never run live demos here |

Demo personas (X-Demo-Role header)

Auto-injected from localStorage["demoRole"]. To switch persona, run the line below in the DevTools console with any role value from the table:

```js
localStorage.setItem("demoRole", "iga_admin"); location.reload();
```

| Role | What they see | Demo use-case |
|---|---|---|
| iga_admin | Everything — full IAM admin | Default for most demos |
| iga_auditor | Read-only audit + compliance | Audit-pack export, audit-trail walk |
| iga_manager | Team-scoped (manager's reports) | Cert campaign, JML approve flow |
| iga_resource_owner | Owned resources only | App-owner cert + business-role mining |
| iga_helpdesk | Tickets + manual-prov-tasks | Helpdesk workflow demo (escalations) |
| iga_user | Self-service portal only | End-user access request flow |

Demo accounts (login flow)

| Tenant | Username | Password | Notes |
|---|---|---|---|
| demo (staging) | admin@demo.rapidvalue.eu | see 1Password vault | MFA disabled on demo tenant |
| default (staging) | admin@default.rapidvalue.eu | see 1Password vault | Dev-only tenant |
| prod self-signup | via /tenant-signup | | Public signup for trial flow |

Never commit demo credentials. Always pull from the team 1Password vault. If a prospect asks for shareable credentials, spin up a fresh trial tenant for them via the public signup flow.

Reset cycle (between demos)

Restore the demo tenant to its baseline shape in ~30 seconds:

```bash
# SSH to staging EC2 (key in 1Password)
ssh ec2-user@staging.app.rapidvalue.eu

# Reset business data + re-run HR + target syncs
docker compose exec backend python scripts/reset_for_live_demo.py --tenant=demo
docker compose exec backend python scripts/orchestrate_reset_cycle.py --tenant=demo

# Re-seed IVIP fixtures (3 SoD rules + 30d risk-trend + dormant grants)
docker compose exec backend python scripts/seed_ivip_demo_fixtures.py --tenant=demo
```

Per the mock-data principle in CLAUDE.md, only config + history rows are direct-seeded. Identities + accounts + grants come from the HR + target sync re-runs.

Demo narrative — golden path

Step 1 — Wizard onboarding (under 5 min)

  1. Connectors → Add Connector → pick "Microsoft Entra ID" from catalog
  2. System role = Target → BASE URL pre-filled (graph.microsoft.com)
  3. Auth = OAuth2 client credentials → fill demo tenant credentials
  4. SYNC_STRATEGY: "yes" on-prem AD → pick a source connector
  5. ATTRIBUTE_SELECTION: leave required + recommended checked
  6. TEST_AND_MAP → visibility-mode "inventory confirm" (single checkbox)
  7. SYNC_SCHEDULE → 1h interval → Activate

Step 2 — Charlotte the over-permissioned admin

  • Identities → search "Charlotte" → drawer opens with RiskBadge 91 (CRITICAL)
  • What-tab → AccessTree shows direct + transitive grants with UsageBadge tier-colors
  • Why-tab → IdentityRiskComponentsPanel shows the 14 weighted components
  • Time-machine: drag to "30 days ago" → see her access shape before promotion

Step 3 — Cross-system SoD violation

  • SoD Rules → "Vendor master vs Payment release" rule (financial_v1 sector pack)
  • Drawer: 2 violating identities + per-side entitlement list

Step 4 — Risk trend

  • Executive Dashboard → 30-day stacked-area chart (V-shape)
  • IvipSummaryTiles → 5 clickable tiles (critical / SoD / dormant / outliers / top resource)

Step 5 — Audit pack export

  • Governance › Compliance → Audit packs → SOX A.9 template
  • Date range last quarter → Generate → ZIP download with HTML index + JSONL sections

Screencast prompts (Playwright)

Re-shoot the 53 product screenshots from the staging demo tenant:

```bash
# Backend venv on staging or local
cd backend && .venv/bin/python scripts/screenshots_demo_screens.py \
  --base-url https://demo.staging.app.rapidvalue.eu \
  --out frontend/public/screenshots/

# Or via the make target
make screenshots
```

Outputs land in marketing/website/screenshots/ after the Netlify-site refactor. Re-deploy via `marketing/website/` Netlify push to publish.

Mocks-lab quick reference

Lab mocks are tenant-aware via path prefix /t/{tenant_id}/...:

| Mock | URL | Reset |
|---|---|---|
| HR (Workday-shape) | hr.lab.rapidvalue.eu/t/demo/api/employees | POST /admin/reset |
| AppHub (SCIM target) | apphub.lab.rapidvalue.eu/t/demo/scim/v2/Users | POST /admin/reset |
| LDAP | ldap.lab.rapidvalue.eu/t/demo/... | POST /admin/reset |

Admin header required: X-Admin-Token: lab-demo-reset. List tenants: GET /admin/tenants. Drop a tenant: DELETE /admin/tenants/{id} (default is protected).

Common demo gotchas

  • Wizard 500 → migration 0165 provides the waypoint_id enum values. On an older staging deploy: run lifespan-auto-upgrade restart.
  • Empty IVIP panels → re-run seed_ivip_demo_fixtures.py (3 SoD + risk-trend + dormant).
  • No audit-pack data → the cert sweep must have run at least once. POST /api/v1/certification/sweep forces it manually.
  • Frontend doesn't update → hard refresh (Ctrl+Shift+R); the service worker can cache an old bundle.
  • "Charlotte" not found → the reset has not been run. orchestrate_reset_cycle.py restores the HR data, including the demo persona.
  • X-Demo-Role is ignored → it only works on staging (gated on APP_ENV != "production").
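
The X-Demo-Role gate from the personas section and the last gotcha, as an added sketch that is not the project's own code: it uses an allow-list of environments instead of the `!=` comparison, so an unset or misspelled APP_ENV does not enable the header. The names `DemoRoleGate`, `resolve_demo_role`, `naive_gate`, the `demo.role` environ key and the staging value `"staging"` are assumptions.

```python
import os

# Persona values from the role table on this page.
DEMO_ROLES = frozenset({
    "iga_admin", "iga_auditor", "iga_manager",
    "iga_resource_owner", "iga_helpdesk", "iga_user",
})
# Assumption: staging sets APP_ENV to exactly "staging".
DEMO_ENVS = frozenset({"staging"})


def naive_gate(app_env):
    """The deny-list form of the gate: anything except "production" passes."""
    return app_env != "production"


def resolve_demo_role(header_value, app_env):
    """Return a validated demo role, or None when the header must be ignored."""
    if app_env not in DEMO_ENVS:          # unset, "prod", "Production" -> ignored
        return None
    if header_value is None:
        return None
    role = header_value.strip()
    return role if role in DEMO_ROLES else None


class DemoRoleGate:
    """WSGI middleware (hypothetical name) placed in front of the application."""

    def __init__(self, app, app_env=None):
        self.app = app
        # Read once at startup; a missing APP_ENV is treated as production.
        if app_env is None:
            app_env = os.environ.get("APP_ENV", "production")
        self.app_env = app_env

    def __call__(self, environ, start_response):
        # Remove the raw header so downstream code can only see the vetted value.
        raw = environ.pop("HTTP_X_DEMO_ROLE", None)
        environ.pop("demo.role", None)
        role = resolve_demo_role(raw, self.app_env)
        if role is not None:
            environ["demo.role"] = role   # "demo.role" is an assumed key name
        return self.app(environ, start_response)
```

Downstream handlers read only `environ["demo.role"]`; the raw header never reaches them in any environment.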