Technical
      Back to home
      1. Knowledge Base
      2. Technical

      ContraForce Gamebooks for Identity Service Principal

      This article provides an overview of the ContraForce Gamebooks for Identity Service Principal.

      ContraForce API Overview

      The ContraForce Gamebooks for Identity service principal is used to authorize Gamebook executions that target User entities. Specfically, the service principal requires User.ReadWrite.All and User.AuthenticationMethod.ReadWrite.All scopes. By default, the scopes are requested with a delegated permission type - that is, for use in on-behalf-of flows, which requires a signed-in user to be present. However, the service principal can also be granted application permissions that are able to run without a user present (except for Password Reset, which always requires use of delegated type permissions).

       

      If you have any questions, contact us at support@contraforce.com. 

       

      Client ID` 36b0d51c-4c0f-4810-9cc4-bfbd40c7dd4a
      API Microsoft Graph
      Permission User.ReadWrite.All
      Type Delegated
      Admin Consent Required Yes
      Purpose This permission allows the Gamebooks execution engine to take invalidate user sessions and lock user accounts on behalf of the signed in user.

       

      Client ID` 36b0d51c-4c0f-4810-9cc4-bfbd40c7dd4a
      API Microsoft Graph
      Permission User.AuthenticationMethod.ReadWrite.All
      Type Delegated
      Admin Consent Required Yes
      Purpose This permission is used by the Gamebook execution engine to reset a user’s password on behalf of the signed in user.

       

      Client ID`

      		 36b0d51c-4c0f-4810-9cc4-bfbd40c7dd4a
      API Microsoft Graph
      Permission Alert.ReadWrite
      Type Delegated
      Admin Consent Required Yes
      Purpose This permission allows the ContraForce Gamebooks for MDE service principal to read and write alerts that the signed-in user has access to. 

       

      Client ID`

      		 36b0d51c-4c0f-4810-9cc4-bfbd40c7dd4a
      API Microsoft Graph
      Permission User.ManagedIdentites.All
      Type Delegated
      Admin Consent Required Yes
      Purpose  

       

      Client ID`

      		 36b0d51c-4c0f-4810-9cc4-bfbd40c7dd4a
      API Microsoft Graph
      Permission UserAuthenticationMethod.ReadWrite
      Type Delegated
      Admin Consent Required Yes
      Purpose This permission is used by the Gamebook execution engine to reset a user;s password on behalf of the signed in user.