Skip to main content
ContraForce provides flexible user management with role-based access control. Add users from your Entra ID directory, assign organizational and workspace roles, and control exactly what each team member can access. Setting up default groups during initial configuration saves time and ensures consistent access patterns. Suggested Partner Groups
Group NameDescriptionSuggested Workspace Role
SOC Tier 1Front-line analysts handling initial triageIncident Analyst
SOC Tier 2Senior analysts with response capabilitiesIncident Responder
SOC ManagersTeam leads overseeing operationsAdmin
Integration EngineersTechnical staff managing connectorsData Source Admin
Account ManagersCustomer relationship managersIncident Analyst (read-only)
ContraForce integrates with Microsoft Entra ID (formerly Azure AD) to pull user identities. Users must exist in Entra ID before they can be added to ContraForce.

User Management Overview

Organizational Roles

Control who can manage users, groups, and workspace settings across your organization

Workspace Roles

Define what users can do within specific customer workspaces

User Roles at a Glance

ContraForce uses a two-tier role system: Organizational Roles control administrative access, while Workspace Roles control operational access.

Workspace Roles Quick Reference

RoleView IncidentsRun GamebooksManage EndpointsManage Data ConnectorsManage Users
Admin
Incident Responder
Incident Analyst
Data Source Admin

Complete Role Reference

View detailed permissions for all organizational and workspace roles

Adding Users During Onboarding

The easiest time to add users is during the initial ContraForce onboarding process.

Onboarding Wizard

When you deploy ContraForce modules, the Onboarding Wizard provides the first opportunity to add users:
User management in onboarding wizard
1

Select User

Click the User dropdown to see available users from your Entra ID directory
2

Verify Name

Confirm the first and last name displayed matches the intended user
3

Assign Role

Select the appropriate workspace role from the dropdown
4

Add More Users

Repeat for additional users, or continue with onboarding
Add at least one Admin user during onboarding. This ensures you have full access to manage the workspace after setup is complete.

Managing Users After Onboarding

After initial setup, you can add and manage users through the Settings page. Before you can manage users post-onboarding, you must consent the User Management service principal:
1

Navigate to Workspaces

Go to the Workspaces page
2

Open Workspace Settings

Click the gear icon on the right side of the workspace row
3

Find User Management

Locate the User Management service principal in the list
4

Click Consent

Complete the Microsoft consent flow with admin credentials
User Management service principal consent
You must have Global Administrator or appropriate admin privileges in the Microsoft tenant to complete the consent flow.

Step 2: Access User Management

1

Open Settings

Click Settings in the navigation menu
2

Select User Management

Click the User Management tab
3

View Current Users

The user list displays all users with access to ContraForce
User Management settings page

Step 3: Add New Users

1

Click Add User

Click the Add User button in the top right corner
2

Search for User

Search for the user by name or email in the Entra ID directory
3

Select User

Click the user to select them
4

Assign Roles

Choose organizational and workspace roles
5

Save

Click Add to complete the process
Add user dialog
The Add User button only appears if your account has User Admin or Org Admin permissions.

Understanding Role Types

Organizational Roles

Organizational roles control administrative functions across your entire ContraForce instance:
RoleAdd/Manage UsersAdd/Manage GroupsAdd WorkspacesView All Workspaces
Org Admin
User Admin
Workspace Admin
Org Member

Workspace Roles

Workspace roles control what users can do within specific customer workspaces:
Full access to all workspace features
  • View and manage all incidents
  • Run any Gamebook action
  • Manage endpoints and data connectors
  • Configure workspace settings
  • Manage workspace users
Best for: Team leads, senior analysts, workspace owners

User Groups

Simplify access management by organizing users into groups.

Benefits of Groups

Bulk Assignment

Assign workspace access to multiple users at once

Easier Management

Update group membership instead of individual users

Consistent Access

Ensure team members have the same permissions

Creating Groups

1

Navigate to Groups

Go to Settings > Groups
2

Create New Group

Click Add Group and enter a name
3

Add Members

Search for and add users to the group
4

Assign to Workspaces

Assign the group to workspaces with appropriate roles

Assigning Users to Workspaces

Users need workspace assignments to access customer data.

Individual Assignment

  1. Open the workspace settings
  2. Navigate to Users or Access
  3. Click Add User
  4. Select the user and assign a workspace role
  5. Save changes

Group Assignment

  1. Open the workspace settings
  2. Navigate to Groups or Access
  3. Click Add Group
  4. Select the group and assign a workspace role
  5. All group members inherit access
Use groups for teams that need access to the same set of workspaces. This makes onboarding new team members faster—just add them to the appropriate group.

Managing Existing Users

Viewing User Details

Click any user in the User Management list to view:
  • Assigned organizational role
  • Workspace assignments and roles
  • Group memberships
  • Last login time

Editing User Roles

1

Select User

Click the user in the User Management list
2

Edit Roles

Modify organizational or workspace roles as needed
3

Save Changes

Click Save to apply the new permissions

Removing Users

1

Select User

Click the user you want to remove
2

Click Remove

Click the Remove User or Delete button
3

Confirm

Confirm the removal when prompted
Removing a user revokes all their access to ContraForce immediately. This action cannot be undone—you’ll need to re-add the user if you want to restore access.

Best Practices

Assign the minimum role necessary for each user’s job function. Start with Incident Analyst and escalate to Responder or Admin only when needed.
Create groups that mirror your team structure (e.g., “Tier 1 Analysts”, “Senior Responders”). This simplifies access management as team members change.
Review user assignments quarterly to ensure former team members have been removed and current roles are still appropriate.
Maintain records of who has access to which workspaces and why. This helps with compliance audits and access reviews.
Don’t give everyone Admin access. Reserve Admin roles for users who genuinely need to manage configurations and other users.

Troubleshooting

Common Issues

IssuePossible CauseSolution
Can’t see Add User buttonMissing User Admin or Org Admin roleContact your administrator for elevated permissions
User not found in dropdownUser doesn’t exist in Entra IDVerify user exists in Microsoft Entra ID
Consent flow failsInsufficient admin privilegesUse Global Administrator or appropriate admin account
User can’t access workspaceNo workspace assignmentAssign user directly or via group to the workspace
User has wrong permissionsIncorrect role assignmentEdit user and assign correct workspace role

User Roles Reference

Complete permissions for all roles

Workspaces Page

Manage workspace settings

Enterprise Applications

Service principals and consent

Multi-Tenant Features

Managing multiple customers
Questions about user management? Contact us at [email protected].