> ## Documentation Index
> Fetch the complete documentation index at: https://docs.contraforce.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Workspace Onboarding Verification
> Post-onboarding verification runbook for service providers. Use this checklist after a customer admin finishes the Setup Wizard to confirm the deployment is healthy.
A focused verification runbook to run **after a customer admin completes the Setup Wizard**. Use it to confirm every part of the deployment is healthy before declaring the workspace go-live.
**Who is this for?**
Service-provider operations and onboarding leads verifying a freshly onboarded customer workspace.
For the steps that come before this point (pre-onboarding the customer, the customer's own wizard journey), see:
Pre-onboard the customer workspace
What the customer admin sees on their side
***
## Core Verification
Run these checks first. Any failure here blocks go-live.
* The customer workspace shows **Active** status (not **Pending customer setup**) in your Workspace Center
* You received the **Customer onboarding complete** real-time notification in the portal
* Open the customer's workspace and confirm every pre-selected module shows **Connected**
* Navigate to the **Command Dashboard** filtered to the customer workspace and verify incidents appear (allow 5 to 15 minutes for initial sync)
* Open an incident and confirm the **Workbench** loads with entity context and timeline
* Verify Gamebook response actions appear on incident entities (do not execute on production entities)
**Don't test response actions on production entities.** Gamebook actions like "Isolate Device" or "Disable User" execute immediately. Use a test account or device if you want to verify functionality.
***
## Sentinel-Specific Verification
Skip this section if the customer is on Defender-only.
* Sentinel incidents are syncing alongside Defender for Endpoint incidents
* Azure Lighthouse delegation completed successfully in the customer's subscription
* Supporting Azure infrastructure deployed by Sentinel consent shows **Active**
* Navigate to **Content Management System (CMS)** and verify the detection rule library is accessible
* Log search is functional
Sentinel Azure infrastructure is provisioned in the background after the customer grants Sentinel consent. If verification fails, allow 5 to 10 extra minutes for the deployment to complete before retrying.
***
## If Something Fails
| Symptom | Likely cause | Where to look |
| ----------------------------------------------------- | ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Workspace stuck in **Pending customer setup** | Customer hasn't finished the wizard | Resend the invite or contact the POC |
| Module shows **Not Connected** in the customer's view | Consent skipped or denied | Customer can re-open the picker from their Get Started checklist ([Re-opening pickers](/guides/onboarding/customer-workspace-onboarding#re-opening-the-detection-or-response-picker)) |
| No incidents appearing after 30 minutes | No active incidents in source system | Check Defender, Sentinel, or CrowdStrike console for existing incidents |
| Sentinel infrastructure didn't deploy | Insufficient Azure permissions | Verify customer admin has Subscription Owner |
| Gamebook actions unavailable on entities | Response module not connected | Customer reconnects the response module from their Modules tab |
For sign-in failures encountered by the customer admin, point them to the [Customer onboarding sign-in failed troubleshooting](/guides/onboarding/customer-workspace-onboarding#troubleshooting-sign-in-failed).
***
## After Verification Passes
Two follow-ups close out the onboarding.
### Assign your team to the workspace
Use organization-level groups rather than individual users so future onboardings are consistent.
| Role | Best for |
| ------------------ | ------------------------------------------- |
| Admin | Team leads, workspace owners |
| Incident Responder | SOC analysts who need response capabilities |
| Incident Analyst | Junior analysts, read-only access |
| Data Source Admin | Integration specialists |
| Content Admin | Detection engineers (Sentinel only) |
Detailed user and group setup, including organization-level groups
### Configure notifications (Sentinel only)
Severity filters, distribution group setup, and test notification verification
***
## Go-Live Communication
* Notify the customer that ContraForce is live on their environment
* Share relevant documentation links with the customer team
* Confirm the customer knows how to reach your delivery team
* Document any customer-specific configuration notes or permission exceptions
* Schedule a follow-up check-in within 7 days to review initial incident volume and rule tuning
***
**Need help?** Contact us at [support@contraforce.com](mailto:support@contraforce.com).