SSO & Access Controls

Last verified: 13 February 2026 | Applies to: Enterprise (SSO/SCIM); Team (basic admin controls)

In 30 seconds

Enterprise plans support SAML-based single sign-on (SSO) and SCIM for automated user provisioning. Team plans have basic admin controls but not SSO or SCIM. If centralised identity management is a requirement, you need Enterprise.

What’s available by plan

Feature	Team	Enterprise
Admin dashboard	✓	✓
Invite/remove users	✓	✓
Assign seat types	✓	✓
Provision plugins	✓	✓
SAML SSO	—	✓
SCIM provisioning	—	✓
Role-based access	—	✓
Custom domains	—	✓

SSO setup (Enterprise)

Enterprise SSO uses SAML 2.0. Compatible with:

• Okta
• Azure AD / Entra ID
• Google Workspace
• OneLogin
• Any SAML 2.0-compliant identity provider

Setup process:

1. Contact Anthropic’s enterprise team to enable SSO for your organisation
2. Configure your identity provider with the SAML metadata provided by Anthropic
3. Map user attributes (email, display name, department)
4. Test with a pilot group
5. Enable for the full organisation
6. Optionally enforce SSO (block email/password login)

SCIM provisioning (Enterprise)

SCIM automates user lifecycle management:

• Create: When a user is added to a group in your IdP, they’re automatically provisioned in Claude
• Update: Attribute changes (name, department) sync automatically
• Deactivate: When removed from the group, access is automatically revoked

This eliminates manual user management and ensures access is always current with your identity provider.

Team plan admin controls

Team plans don’t have SSO or SCIM, but do provide:

• Invite by email — add team members individually
• Seat management — assign Standard or Premium seats
• Plugin provisioning — install plugins for the organisation
• Connector management — approve or restrict connectors
• Remove users — revoke access immediately

What to watch out for

• SSO is Enterprise only. If your organisation requires SSO for all tools, you need Enterprise. There’s no SSO on Team plans.
• SCIM requires IdP configuration. Work with your IT team to set up the SCIM integration with your identity provider.
• Seat type assignment is separate from SSO. Users authenticate via SSO, but their seat type (Standard/Premium) is still managed in the Claude admin dashboard.

Related

• Admin Setup — full deployment guide
• Security & Compliance — data handling and compliance
• Choosing a Plan — Team vs Enterprise comparison

---

Something wrong or outdated? Let us know →

Get weekly workflows — subscribe to the newsletter.