Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.contraforce.com/llms.txt

Use this file to discover all available pages before exploring further.

This guide walks you through getting your service-provider organization up and running on ContraForce. By the end, you’ll be ready to pre-onboard your first customer.
Who is this for?
  • MSP/MSSP partners setting up your parent tenant before onboarding customers
  • Internal security teams deploying ContraForce for your own organization
If a teammate gets stuck at sign-in, jump to Troubleshooting: Sign-in failed.

Prerequisites

RequirementWhy
Microsoft Entra Global AdministratorRequired the very first time anyone from your tenant signs in, to grant ContraForce permission to read security data
ContraForce sign-up linkProvided by your account team
Pop-ups allowed for portal.contraforce.comMicrosoft consent prompts open in popup windows
If your tenant has a “Do not allow user consent” policy, the consent must be completed by a Global Administrator. Non-admin users will see a Sign In Failed page. See Troubleshooting: Sign-in failed below.

Step 1: Grant ContraForce Access to Your Tenant

Before anyone in your organization can sign in, a Microsoft Entra Global Administrator has to grant ContraForce permission to read security data from your tenant. This is a one-time approval.
1

Open the ContraForce sign-up link

Use the link your account team shared with you.
2

Sign in with Microsoft

You’ll be redirected to Microsoft. Sign in with your Global Admin credentials.
3

Review the requested permissions

Microsoft displays a consent screen listing the permissions ContraForce needs. Review the list and click Next.
Microsoft consent dialog showing ContraForce Portal permissions
4

Accept the second consent

Microsoft may ask you to consent a second time: once for the ContraForce platform API and once for the ContraForce Portal. Check Consent on behalf of your organization and click Accept.
Microsoft consent dialog showing ContraForce API permissions

Step 2: Sign In for the First Time

Once consent is granted, create a workspace for your organization.
Create a workspace for your organization
The platform detects that this is a brand-new tenant and creates your account automatically. You’ll land on the Command page.
Service provider getting started

Step 3: The Get Started Checklist

The Get started with ContraForce panel is your home base for setup. It lists the activities your organization still needs to complete.
ItemWhat it does
Create your accountAlready done by signing in for the first time
Setup agent centerChoose where ContraForce-hosted automation runs
Connect sourcesConnect your own security tools so your SOC team can use ContraForce internally
Add customer workspacesPre-onboard the customers you’ll be managing
Each unchecked item has a Start button on the right that takes you straight to the relevant page. You can dismiss the panel at any time using the ✕ in the top right; it will also self-hide once every item is complete.

Step 4: Set Up Your Agent Center

Click Start next to Setup agent center. This is where you choose how the ContraForce automation engine runs for your organization.
Deploy your agent center
You can either deploy your agent here or skip it and continue with the other items. If you deploy an agent, the Setup agent center item shows a green checkmark when you return to the Command page.

Agent Center Deployment Reference

Detailed Agent Center setup, requirements, and configuration options

Step 5: Connect Detection Sources to Your Own Workspace

Click Start next to Connect sources. This jumps you straight to the detection-source picker for your own workspace.
Connect your detection sources
Select the security tools your team uses, then follow the prompts to authorize ContraForce to read from each one. Once at least one detection source is connected, the Connect sources item on the checklist will check off.
Connecting Microsoft Sentinel triggers ContraForce to deploy the supporting Azure infrastructure in your subscription automatically. You don’t need a separate Azure deployment step. Provisioning runs in the background after you grant consent.

Step 6: Add a Customer Workspace

Click Start next to Add customer workspaces. You’ll land on the Workspace Center with the Onboarding tab active and the Add workspace rail panel already open on the right.
Add customer workspace
Fill in the customer details:
FieldDescription
Workspace nameFriendly label you’ll use to refer to this customer
Tenant IDThe customer’s Microsoft Entra tenant ID
Primary point-of-contact emailThe customer admin who will complete the wizard on their side
Detection modulesPre-select the security tools the customer is bringing
Response modulesPre-select the response capabilities the customer will use
Pre select customer modules
Click Send Invite. ContraForce sends an invite email to the POC, and the new workspace appears as a card in the Onboarding tab with a Pending customer setup badge.
customer workspace preonboarded
Repeat this step for every customer you want to manage.
When the customer admin finishes their wizard, you’ll receive a real-time notification in the portal so you know their workspace is live.

Customer Workspace Onboarding

What your customer sees on their side after they receive the invite email

Troubleshooting: Sign-in Failed

If a teammate sees the Sign In Failed page after trying to log in, it usually means one of three things:
  • The Microsoft admin consent step was skipped
  • A non-admin user tried to sign in before consent was granted
  • A previous sign-in session is stuck
Consent failed

What to do, in order

1

Click Return to the application without granting consent

This bounces you back to a clean state without applying a half-completed consent.
2

Send the admin consent link to your admin

Copy the admin consent link from the page and forward it to your Global Admin.
Sign-In failed
3

Have your admin complete the consent flow

Your admin clicks the link, signs in as a Global Administrator, and walks through the Microsoft consent prompts.
First consent permission
Second consent permission
FirsThridt consent permission
Permissions Approved
Wait until your admin reaches the Permissions Approved card before you try again.
4

Try sign-in again

Once consent is approved, you can sign in normally and proceed to create your workspace.
Sign-In again
Create workspace again

Next Steps

User & Group Management

Set up groups before onboarding customers

Customer Workspace Onboarding

What your customer sees on their side

Multi-Tenant Features

Manage multiple customers efficiently

Roles & Permissions Reference

Plan role assignments for your team
Questions about platform onboarding? Contact us at support@contraforce.com.