Portal Overview
The InfraScout portal is a single-page Vue 3 application served at https://portal-dev.infrascout.cloud. It is the primary surface for browsing assessments, reviewing insights, and (for administrators) configuring how InfraScout connects to your environment. This section documents every screen.
Authentication
The portal authenticates with Microsoft Entra ID through MSAL, the Microsoft Authentication Library. There is no separate username/password — your tenant's existing identity controls who gets in.
When you visit the portal:
- The app calls a public endpoint to fetch its MSAL configuration.
- If you have no cached session, you are redirected to Microsoft's sign-in page.
- After successful sign-in, an access token is cached locally and attached as Authorization: Bearer <token> to every API request.
- Tokens are silently renewed in the background; you stay signed in across browser restarts as long as your tenant policy allows it.
If your account does not carry any recognized InfraScout role, you are routed to the Access Denied screen instead of the dashboard. If your tenant has not yet been onboarded, you land on the Tenant Not Onboarded screen.
Layout
Every authenticated page renders the same outer chrome:
- NavBar at the top — primary navigation, status indicators, user menu
- Main content — the current view, transitioned with a fade between routes
- Footer — version and links
- Toast and confirmation overlays — global, mounted once at the app level
A drawer-style mobile navigation replaces the desktop NavBar on small viewports. The full menu is reachable through the hamburger icon at the top left.
When the API health check fails, a red offline banner pins to the top of the page so you know the backend is unreachable before you start clicking. The banner clears automatically when the API recovers.
User area vs. admin area
The portal has two distinct navigation modes:
- User area (the default): Dashboard, Chat, Agents, Sessions, Insights, Executions, Settings
- Admin area (/admin/*): Agent Management, AI Integrations, Role Management, Notifications, Audit & Compliance
Both modes share the same authentication, the same offline banner, and the same user menu. Only the navigation bar changes. Non-admin users never see the Admin entry point in the user NavBar; admin users see it as the right-most menu item and switch into the admin area by clicking it.
Inside the admin area, a persistent "Admin" badge in the navbar reminds you of the elevated context. The Home icon (left of the dropdowns) takes you back to the user area without signing out.
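The routing decisions described under Authentication and in this section, written out as a route-guard sketch. This is an added example, not InfraScout's code: the role names, the two screen routes, the order of the tenant and role checks, and sending a non-admin who opens an /admin/* URL to Access Denied are all assumptions.

```javascript
// Added example; role names and screen routes below are assumptions.
const ADMIN_ROLE = "InfraScout.Admin"; // hypothetical app-role value
const RECOGNIZED_ROLES = new Set(["InfraScout.User", ADMIN_ROLE]); // hypothetical
const ACCESS_DENIED = "/access-denied"; // hypothetical route
const NOT_ONBOARDED = "/tenant-not-onboarded"; // hypothetical route

// Matches "/admin" and anything below it, but not "/administrator".
function isAdminPath(path) {
  return path === "/admin" || path.startsWith("/admin/");
}

// Entra ID puts app roles in the "roles" claim; absent means no roles.
function rolesOf(claims) {
  return Array.isArray(claims.roles) ? claims.roles : [];
}

// Returns the route to render for a signed-in user.
// claims: token claims (tid = tenant id); onboardedTenants: Set of tenant ids.
function resolveRoute(claims, onboardedTenants, requestedPath) {
  const roles = rolesOf(claims);
  if (!onboardedTenants.has(claims.tid)) return NOT_ONBOARDED;
  if (!roles.some((r) => RECOGNIZED_ROLES.has(r))) return ACCESS_DENIED;
  if (isAdminPath(requestedPath) && !roles.includes(ADMIN_ROLE)) return ACCESS_DENIED;
  return requestedPath;
}

// User-area NavBar entries; Admin is the right-most item and admin-only.
function userNavEntries(claims) {
  const entries = ["Home", "Chat", "Agents", "Sessions", "Insights", "Executions"];
  if (rolesOf(claims).includes(ADMIN_ROLE)) entries.push("Admin");
  return entries;
}
```

A guard like this only decides what the browser renders; the role decision that counts is the one the API makes from the bearer token on each request.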
NavBar — user area
From left to right:
- Logo and product name (links to dashboard)
- Home (icon-only) — /
- Chat — /chat
- Agents — /agents
- Sessions — /sessions
- Insights — /insights
- Executions — /executions
- Admin (only for admins) — enters the admin area at /admin/agents
- SSE indicator — shows whether real-time updates are connected
- API status badge — Connected / Checking / Error
- User avatar dropdown — name, email, role badge, link to Settings, Sign Out
NavBar — admin area
The admin NavBar replaces the user links with five hover-dropdowns, each leading into a tabbed admin section:
- Agent Management — Agents, Agent Groups, Updates, Update Policies, Inventory Policies
- AI Integrations — Playbooks, Tool Groups, AI Providers, Agentic Workflows, MCP Servers, Memory
- Role Management — Users, Groups, Connectors
- Notifications — Delivery Log, Notification Templates
- Audit — Audit Events, Browser Sessions, MCP Sessions, Executions, Chat Audit
The right side of the NavBar (SSE indicator, API status, user menu) is identical in both modes.
Real-time updates
The portal subscribes to a Server-Sent Events (SSE) stream on every authenticated page. Backend mutations — agent state changes, new sessions, completed executions, new insights — push through the stream and trigger debounced reloads of the affected views. You almost never need to click Refresh manually; it is provided as an explicit fallback for when you want to force a full reload.
The SSE indicator in the navbar tells you whether the stream is currently connected.
Visibility model
Every entity (insight, session, agent, agent group) carries a visibility list of Entra IDs (users and groups) who are allowed to see it. The portal enforces visibility on every list and detail view — you only see what your identity grants you access to.
Two scopes are exposed in the UI:
- My work — items where you are the assignee or owner
- All visible — every item visible to your identity (including team-shared)
The Dashboard exposes this as a toggle in its header; other views default to "All visible" and let you filter further.
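One way to express the visibility rule and the two scopes as a filter, shown as an added example rather than InfraScout's implementation. The field names (visibility, owner, assignee), the sample IDs, and the choices to apply visibility before the "My work" narrowing and to treat an empty list as visible to nobody are assumptions.

```javascript
// Added example; field names and sample IDs are assumptions, not InfraScout's schema.

// Caller identity from token claims: oid = user object ID, groups = group object IDs.
function principalIds(identity) {
  return new Set([identity.oid, ...(identity.groups || [])]);
}

// Visible when the entity's list shares at least one ID with the caller.
// A missing or empty list matches nobody (default deny).
function canSee(identity, entity) {
  const ids = principalIds(identity);
  return Array.isArray(entity.visibility) && entity.visibility.some((id) => ids.has(id));
}

// scope "all" = All visible, "mine" = My work. Visibility is applied first in
// both scopes, so being named assignee never widens access.
function listEntities(identity, entities, scope = "all") {
  const visible = entities.filter((e) => canSee(identity, e));
  if (scope === "all") return visible;
  if (scope === "mine") {
    return visible.filter((e) => e.owner === identity.oid || e.assignee === identity.oid);
  }
  throw new Error(`unknown scope: ${scope}`);
}

// Detail view: same check as the list. Hidden items look the same as missing
// ones, so the response does not confirm that the ID exists.
function getEntity(identity, entities, id) {
  const found = entities.find((e) => e.id === id);
  return found && canSee(identity, found) ? found : null;
}

// Constructed sample data.
const ALICE = { oid: "user-alice", groups: ["grp-netops"] };
const BOB = { oid: "user-bob", groups: [] };
const SAMPLE = [
  { id: "ins-1", owner: "user-alice", assignee: null, visibility: ["user-alice"] },
  { id: "ins-2", owner: "user-carol", assignee: "user-carol", visibility: ["grp-netops"] },
  { id: "ins-3", owner: "user-carol", assignee: "user-alice", visibility: ["user-carol"] },
  { id: "ins-4", owner: "user-bob", assignee: "user-bob", visibility: [] },
];
```

In the sample, ins-3 is assigned to Alice but not shared with her, so it appears in neither of her scopes and its detail lookup returns null.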
Available pages
The rest of this section walks through every screen in detail:
User area
- Dashboard (/)
- Chat (/chat)
- Agents (/agents)
- Sessions (/sessions)
- Insights (/insights)
- Executions (/executions)
Authentication & Onboarding, Session Detail, Insight Detail, and Settings are documented separately as those screens stabilize.
Admin area
- Admin Overview — admin layout and conventions
- Agent Management — Agents, Agent Groups, Updates, Update Policies, Inventory Policies
- AI Integrations — Playbooks, Tool Groups, AI Providers, MCP Servers, Memory
- Role Management — Users, Groups, Connectors
- Audit & Compliance — Browser Sessions, MCP Sessions, Executions, Chat Audit
Agentic Workflows, Notifications, and the raw Audit Events feed will be added once those screens settle and screenshots are captured.