Skip to main content
This guide is for customer admins whose service provider has pre-onboarded their workspace in ContraForce. You’ll receive an invite email from your service provider. Click the link to start.
Who is this for?
  • Customer security or IT admins finishing the workspace their MSP/MSSP started for them
  • Global Administrators in the customer’s Microsoft Entra tenant who need to grant ContraForce access
If your sign-in fails before you reach your workspace, jump to Troubleshooting: Sign-in failed.

Prerequisites

RequirementWhy
Microsoft Entra Global AdministratorRequired to grant ContraForce consent. Microsoft Graph app-only permissions can only be granted by a Global Administrator
Invite email from your service providerThe link in this email is your onboarding entry point
Pop-ups allowed for portal.contraforce.comThe Microsoft consent prompts open in a popup window
Azure Subscription OwnerOnly if you’ll deploy the Microsoft Sentinel module, which deploys supporting Azure infrastructure
Granting consent requires a Global Administrator. Cloud App Admin and Application Admin roles cannot grant the app-only permissions ContraForce needs. If you aren’t a Global Administrator, forward your invite link to a Global Admin in your organization and have them sign in instead.

How onboarding works

Your service provider has already created your workspace and pre-selected the Detection and Response modules you need. Your job is to sign in, grant ContraForce access to your tenant, and grant Consent for each module on the Modules tab. There’s no completion screen to wait for. Your workspace is onboarded when its status light turns green on its card in the Workspace Center. Your service provider receives a real-time notification the moment your workspace goes live.

Step 1: Grant ContraForce Access to Your Tenant

When you click the link in your invite email, you’ll be redirected to Microsoft to sign in. The first time anyone from your organization signs in, a Global Administrator must approve the core ContraForce app. ContraForce requests two core consents — ContraForce API and ContraForce Portal — as two separate Microsoft consent prompts. Accept both.
1

Click the invite link

Open the email from your service provider and click the onboarding link. You’ll be taken to portal.contraforce.com.
2

Sign in as a Global Administrator

You’ll be redirected to Microsoft. Sign in with your Global Admin credentials.
3

Review and accept the ContraForce API consent

Microsoft displays a consent screen listing the permissions ContraForce needs to read security data from your tenant. Check Consent on behalf of your organization and click Accept.
Microsoft consent dialog showing ContraForce API permissions
4

Review and accept the ContraForce Portal consent

A second Microsoft consent prompt appears for the ContraForce Portal. Check Consent on behalf of your organization again and click Accept.
Second Microsoft consent screen with the org-wide checkbox highlighted
This is a one-time approval. Once a Global Admin grants both core consents, the rest of your team can sign in normally.
After the core consents are granted, open your workspace and go to the Modules tab. The modules your service provider pre-selected are already listed for you — you just grant Consent for each one.
1

Open your workspace

From the Workspace Center, open the workspace your service provider created for you.
2

Go to the Modules tab

Each pre-selected detection and response module appears here with a Consent action.
3

Click Consent on each module

A Microsoft consent window opens. Sign in if prompted, review the permissions, and click Accept. Consent is granted per module — repeat for each module on the tab. You can consent to modules in any order.
Microsoft Sentinel customers: Consenting to the Sentinel module automatically deploys the supporting Azure infrastructure in your subscription, including the Azure Lighthouse delegation, the Apollo resource group, and the Sentinel-side automation. You don’t need to run a separate Azure deployment step. To deploy Sentinel, you must be an Azure Subscription Owner. Allow a few minutes for resources to appear.
Response modules (such as Gamebooks for Defender XDR, Identity, Microsoft 365, Azure, and SentinelOne) enable Gamebook actions like isolating devices, disabling users, and quarantining files. Consent to them the same way — a single Consent per module.

Step 3: Confirm Your Workspace Is Live

There’s no completion screen. Your workspace is onboarded when its status light turns green on its card in the Workspace Center.
Status lightWhat it means
BluePre-onboarded — your service provider created the workspace and invited you
AmberA module or agent is still missing — finish consenting to your modules
GreenOnboarded and live — incidents will begin to flow in
Your service provider receives a real-time notification when your workspace goes live, so they’ll know you’re ready.

Adding Users (After Onboarding)

Adding users is not part of onboarding. Once your workspace is live, add teammates from Settings → User Management using the Invite people to the organization dialog. Manage groups from Settings → Group Management.

Troubleshooting: Sign-in Failed

If you click your invite link and see a Sign In Failed page, it’s almost always because:
  • You aren’t a Global Administrator and ContraForce hasn’t been pre-approved for your tenant yet
  • A previous sign-in attempt got into a bad state
Need admin approval

What to do

1

Click Sign out in the top right

This clears any stale session that might be blocking sign-in.
2

If you're a Global Admin, click Try Again

Sign in. Microsoft will show the consent screen. Accept both core consents, and you’ll proceed into your workspace.
3

If you're not a Global Admin, click Email Your Admin

Or copy the Admin Consent Link from the page and send it to a Global Admin in your organization. Once they accept, return to your invite link and click Try Again.
Don’t keep retrying the same sign-in repeatedly without signing out. Repeated failures can compound the bad-session state and require a browser cache clear to recover.

Next Steps

Defender for Endpoint Module

Deploy and consent to the Defender for Endpoint module

Command Dashboard

Your home base for incident triage across your environment

Incident Management

How to triage, investigate, and respond to incidents

What Are Gamebooks?

Automated response workflows you can run from any incident
Need help? Contact us at support@contraforce.com.