RapidValue

Appearance

POC mode

30-day trial tenants designed for "let me show this to my CISO and DPO" moments. Sales-rep-bootstrapped, customer-owned, privacy-safe.

What POC mode does

When a tenant is provisioned with poc_mode=true:

  • 30-day expiry timer starts ticking from bootstrap
  • Agent-default execution — every connector is created with execution_mode=agent. Customers see the tier-3 architecture in action from day one, no extra config.
  • Funnel-stage tracking — each customer action moves them through bootstrapped → connected → activated → formalized. The internal cross-tenant dashboard shows where every POC is in the funnel.
  • Take-home report — at any point during the trial (or after), the customer can download a privacy-safe HTML/MD report. CISO + DPO can read it without logging into the tool.
  • Write-blocking after expiry — at day 30, the PocExpiryMiddleware returns HTTP 423 (Locked) on every non-safe HTTP method except a whitelist of safe paths (report download, status check, conversion-to-paid).

::: poc-callout Conversion model: POC tenant data is preserved for 60 days after expiry. Conversion to paid = flip the poc_mode flag, reset funnel stage to activated, rules continue applying. No re-onboarding. :::

Bootstrapping a POC

Two paths:

Sales-rep path (the typical one)

bash
rv-poc bootstrap acme-corp \
  --sector financial-services \
  --contact alice@acme.com \
  --duration 30

This calls the control plane API, provisions the tenant, registers the first agent, and prints a one-liner the customer pastes on their server to install the agent. See rv-poc CLI for full reference.

Self-service path

https://signup.rapidvalue.be/poc — customer fills a short form, gets an email with the same install one-liner.

The take-home report

Generated on-demand by GET /api/v1/poc/report/<tenant_id>. Two formats: HTML (for emailing) or Markdown (for pasting into a document).

What's in it:

  • Tenant summary (sector pack, days used, current funnel stage)
  • Connector inventory — types only, no credentials, no endpoints
  • Identity counts by type (human / contractor / service / NHI) — counts only, no names, no emails
  • Role inventory — names + member counts, no member lists
  • Governance metrics — # approvals processed, # certifications completed, average decision time
  • Sector-pack compliance scorecard — which framework controls are satisfied, which need attention
  • 5 recommendations for next steps

What's deliberately not in it:

  • Identity records (names, emails, attributes)
  • Group/role memberships
  • Connector endpoints or credentials
  • Detailed audit logs

The report is shareable with anyone (CISO, DPO, procurement, board) without privacy-review overhead.

Funnel stages

Each POC tenant carries a funnel stage that tracks demo progress:

StageTrigger
bootstrappedTenant created, no connector yet
connectedFirst connector synced successfully
activatedFirst role-mining opportunity surfaced
formalizedFirst role formalized + first request governed

Internal sales dashboard at Admin → Cross-tenant POC dashboard shows all POCs grouped by stage. Useful for sales follow-up timing.

Expiry behavior

When now > poc_expires_at:

  • PocExpiryMiddleware (loaded into the FastAPI app at startup) intercepts every request
  • Non-safe HTTP methods (POST/PUT/PATCH/DELETE) return HTTP 423 Locked with a body explaining how to convert to paid
  • Safe methods (GET/HEAD/OPTIONS) continue working — customer can still log in to download the report and view their data
  • Whitelisted paths still accept writes:
    • /api/v1/poc/convert — for conversion to paid
    • /api/v1/poc/report — for report regeneration
    • /api/v1/auth/* — so they can log in

Middleware uses a 60-second cache on the per-tenant poc_expires_at lookup to keep request latency negligible.

After conversion

Flip poc_mode=false via POST /api/v1/poc/convert/<tenant_id>. The tenant becomes a regular paid tenant:

  • Expiry timer cleared
  • Funnel stage tracking stops
  • Middleware skips the tenant
  • All POC artifacts (rules, mappings, syncs) carry over unchanged

After abandonment

If the customer never converts:

  • Day 30: write-blocking kicks in (read-only mode)
  • Day 60: tenant marked for deletion
  • Day 90: data deleted; sales gets a final report on what happened (for product-team feedback)

Privacy posture

The POC report is the centerpiece of the privacy story. CISOs and DPOs who would normally need 4-6 weeks to approve a POC can read the report, satisfy themselves on the data-handling posture, and approve the trial within days. This is the entire reason POC mode exists as a first-class feature.

RapidValue IGA · Built in Belgium

© 2026 RapidValue. Sovereignty-first identity governance.