Quick start (30 minutes)

The canonical demo arc — the same one a RapidValue engineer walks through on a first-contact sales call. End-to-end in 30 minutes: blank tenant → connected target → governed role → SoD-aware request flow.

Goal

By the end you'll have one real target system connected, one role mined and formalized from observed access, and one access request running through the governance flow you just configured.

Prerequisites

• A RapidValue tenant (cloud trial, or self-hosted control plane)
• One target system you can read from. Anything that speaks SCIM 2.0, LDAP/AD, or sits in the connector catalog works.
• Five minutes of admin time on that target (read-only credentials, an API key, or a service account)

Step 1 — Connect a target (5 min)

1. Open the tenant. You'll land on the Welcome page with an empty dashboard.
2. Click Add connector → choose your target's type (or pick SCIM 2.0 if you're not sure — it covers ~25 SaaS vendors out of the box).
3. The connector wizard takes over: paste the endpoint URL, drop in credentials, click Test connection.
4. The wizard auto-discovers users, groups, and roles. Heuristic field mapping pre-fills the IGA-side schema. Click Accept all unless something looks wrong.
5. Run first sync. A few hundred to a few thousand identities flow in, depending on the target.

You're now in the bootstrapped → connected funnel stage.

Step 2 — Look at the opportunities (5 min)

Open Role mining → Opportunities.

RapidValue scans your sync data and groups it into three intent buckets:

• Formalize a pattern — a cluster of identities share access; turn it into a role
• Extend an existing role — most members of a role have an extra entitlement; add it to the role definition
• Bring drift under control — explicit grants outside any policy

Opportunities are sorted by impact (members affected × risk reduced).

Step 3 — Formalize an opportunity (10 min)

1. Pick a Formalize a pattern opportunity. Good first candidates: an ops team's standard toolkit, a manager group's reporting access, an engineering team's source-control bundle.
2. Click into it. The drawer shows the candidate role's name (derived from shared attributes), member preview, and the live grant tail — the actual entitlements every member would inherit.
3. Adjust if needed — drop entitlements, rename, set the owner.
4. Click Formalize. The role is created, governance is attached, and members are migrated to inherit through the role.

The funnel ticks over to connected → activated → formalized.

Step 4 — Run a governed request (5 min)

1. Switch role to Demo Manager (top-right persona switcher).
2. Open the catalog as if you were any other employee, request access to the role you just formalized, on behalf of one of your direct reports.
3. The request goes through the approval rules attached to the sector pack you installed (or the default rules if none).
4. Switch back to Demo Admin — you'll see the request in the Approvals queue. Approve it.
5. The agent picks up the provisioning task and writes the grant to the target. Confirm in the target's native UI.

Step 5 — Optional: enable the take-home report (5 min)

If you're running this as a POC for someone else, enable POC mode at the start so the tenant generates a privacy-safe take-home report at the end. CISOs and DPOs read it without having to log into the tool.

What just happened

You went from blank to governed in 30 minutes. The same arc on a legacy IGA platform: 4 months of professional services. That gap is the entire RapidValue thesis.

Next steps

• Browse the connector catalog — see if your other targets are in scope
• Install the agent — for EU-sovereign or air-gapped deployments
• Run a real POC — 30-day trial tenant with funnel tracking and take-home report