> ## Documentation Index
> Fetch the complete documentation index at: https://docs.contraforce.com/llms.txt
> Use this file to discover all available pages before exploring further.

# ContraForce Gamebooks for Identity Enterprise Application

> This article provides an overview of the ContraForce Gamebooks for Identity enterprise application.

**ContraForce Gamebooks for Identity Overview**

The ContraForce Gamebooks for Identity enterprise application is used to authorize Gamebook executions that target User entities. Specifically, the service principal requires User.ReadWrite.All and User.AuthenticationMethod.ReadWrite.All scopes. These scopes are consented with application (app-only) permissions, allowing the service principal to run Gamebook actions without a signed-in user present. Password Reset runs in an on-behalf-of flow (delegated, with a signed-in user) by default; when a customer enables the optional service-provider password reset add-on, it runs app-only via a customer-consented `User-PasswordProfile.ReadWrite.All` permission plus an **Authentication Administrator** directory role assigned to this service principal (see the [Enterprise Applications Reference](/guides/technical/enterprise-applications#contraforce-gamebooks-for-identity)). Because application actions execute unattended, operator control is enforced through Gamebook approval gates (only Workspace Owners can approve high-impact actions) and a complete audit trail in the Gamebooks History page.

![Gamebooks for Identity permissions](https://7831355.fs1.hubspotusercontent-na1.net/hubfs/7831355/image-png-Sep-09-2025-03-12-46-9239-PM.png)

<Tip>
  If you have any questions, contact us at [support@contraforce.com](mailto:support@contraforce.com).
</Tip>
