How to Use This Demo

The ecosystem is gated, and this app adds a second gate on top: it is owner-only. Sign in as the universal owner to open it. A viewer or guest who navigates here sees an owner-only gate, and the users, roles and sessions never enter the page — the adapter reads are owner-gated.

OPERATE shows the staff users table — name, role, status, access scope (domains and apps), and last seen — with inline actions to cycle a user's role or suspend/reinstate them. Below it, the active sessions list shows device, IP, age, and which session is current. CONFIGURE shows the role→permission matrix and the SSO panel. Every change is written to the Audit tab.

This app has no metered model stage, so there is no Cloud/OSS cost to show; the inspector's relevance here is the access model itself. The SSO panel is explicitly labelled as a display of the real IdP that Stage-2 wires in — the prototype authenticates against the universal owner credential.