Claude Code has become a powerful pair\u2011programming assistant for developers, but managing it across an enterprise team introduces real friction. Individual Max subscriptions lead to scattered billing, no visibility into usage, and no centralized control over who can access what. <\/p>\n\n\n\n
As soon as several engineers start using Claude Code heavily, these loose setups quickly become a budget and security problem. Anthropic\u2019s Team and Enterprise plans solve this by bringing Claude Code under a single, centrally managed subscription. <\/p>\n\n\n\n
Organizations can now enforce SSO, assign Standard or Premium seats, lock down policies with managed settings, and control spend and compliance at scale. This structure turns a collection of personal accounts into a governed, enterprise\u2011grade coding assistant for your entire engineering organization.<\/p>\n\n\n\n
In this article, we will walk through exactly how to enable Claude Code for your enterprise team, what the plan differences are, how seat types work, how to configure SSO and admin controls, how to set organization-wide policies, and what the Compliance API offers for teams with regulatory requirements.<\/p>\n\n\n\n
Quick TL;DR: <\/strong><\/p>\n\n\n\n Upgrade to a Team or Enterprise plan and assign premium seats to developers through the admin panel<\/strong><\/p>\n\n\n\n Enterprise and Team customers can now upgrade to premium seats that include more usage and Claude Code, bringing Claude’s app and powerful coding agent together under one subscription. Admins have full flexibility to assign standard or premium seats according to individual user requirements and organizational roles.<\/p>\n\n\n\n The Team plan is designed for organizations of 5 to 150 people, with per\u2011seat pricing and a fixed usage amount per seat. For teams with 150+ developers or strict compliance needs, the Enterprise plan is the right fit, offering usage\u2011based billing where all members share one organizational token pool and no per\u2011seat usage limits. <\/p>\n\n\n\n Enterprise also unlocks larger context windows: 500K tokens with Sonnet 4.6 in chat and 1M tokens when using Claude Code, which is critical for long, agentic coding sessions over large codebases.<\/p>\n\n\n\n Enterprise goes beyond Team by including SAML 2.0 and OIDC\u2011based SSO with SCIM for automated user provisioning and deprovisioning, detailed audit logs, and custom data retention settings.<\/p>\n\n\n\n \u00a0It also provides the Compliance API and Analytics API <\/a>for regulatory and usage\u2011monitoring use cases, plus HIPAA readiness via a Business Associate Agreement, making it the right choice for organizations that need governed, auditable AI <\/a>coding at scale.<\/p>\n\n\n\n One of the most practical parts of the Team and Enterprise setup is the two\u2011tier seat model. Admins can assign Standard seats<\/strong> for Claude.ai usage (writing, analysis, planning) and Premium seats<\/strong> for developers who need Claude Code<\/strong><\/a>. This lets you align costs with actual needs: product managers or designers typically only require Standard seats, while engineers living in the terminal with Claude Code agents should have Premium access.<\/p>\n\n\n\n Premium seats give users access to both Claude <\/a>and Claude Code, so developers can chat through design and research in Claude, then generate and run production\u2011ready code with Claude Code in the terminal.\u00a0<\/p>\n\n\n\n Seat upgrades are prorated within your billing cycle, allowing you to add Premium seats as your developer count grows without waiting for renewal. All of this is handled through the self\u2011serve admin panel, so you rarely need to contact Anthropic support when someone joins or leaves the team.<\/p>\n\n\n\n Step 1: Prepare for SSO before rollout Step 2: Configure SSO in the Admin Console<\/strong> Step 3: Claim your corporate email domains Step 4: Map IdP groups to Claude roles<\/strong> Step 5: Enable SCIM for Enterprise plans Once identity and SSO are set, the next step is controlling what Claude Code can do across your team\u2019s machines. The managed-settings.json file enforces organization\u2011wide policies that individual developers cannot override. Admins deploy it via MDM to system\u2011level paths on macOS or Linux<\/a>, where it governs permissions, model access, MCP server <\/a>allowlists, and sandbox behavior.<\/p>\n\n\n\n Granular control comes from a hierarchy of settings.json files: enterprise\u2011managed policies, project\u2011specific settings, and user preferences. These layers define \u201callow,\u201d \u201cask,\u201d and \u201cdeny\u201d rules for specific commands and actions in the terminal.<\/p>\n\n\n\n A sensible base policy blocks access to sensitive locations like .env files and secrets directories, sets \u201cask\u201d for file\u2011modifying or deployment\u2011related commands, and explicitly allows only the tools your workflows actually depend on.<\/p>\n\n\n\n For MCP server governance, the managed\u2011settings file lets admins define an allowlist of approved servers. This prevents developers from connecting Claude Code to arbitrary external services while still enabling approved integrations such as GitHub, Slack, or internal databases.<\/p>\n\n\n\n The result is a tightly controlled, yet flexible environment where external tools remain available only when they meet your organization\u2019s security and compliance standards.<\/p>\n\n\n\n For finance, healthcare, and government organizations, the Compliance API makes large\u2011scale Claude Code use possible. It gives compliance teams real\u2011time, programmatic access to usage data and customer content instead of manual exports. <\/p>\n\n\n\n Teams can build continuous monitoring, auto\u2011flag risks, and plug Claude data into existing dashboards. Selective deletion tools also let admins manage data retention and purge specific content when needed.<\/p>\n\n\n\n Consumer accounts (Free, Pro, Max) follow Consumer Terms: conversations are used for model training by default unless each user opts out. Work accounts on Team\/Enterprise follow Commercial Terms, where Anthropic acts as a data processor, and conversations are not used to train models by default. <\/p>\n\n\n\n This separation is essential for compliance and privacy in regulated industries. Moving employees from personal accounts to managed Work accounts is a data\u2011governance requirement, not just an admin cleanup.<\/p>\n\n\n\n\n
How Do You Enable Claude Code for an Enterprise Team?<\/strong><\/h2>\n\n\n\n
Understanding the Plans: Team vs. Enterprise<\/strong><\/h2>\n\n\n\n
Team Plan vs. Enterprise Plan<\/strong><\/h3>\n\n\n\n
What Sets Enterprise Apart<\/strong><\/h3>\n\n\n\n
\n When teams move from individual Max accounts<\/strong> to Team or Enterprise<\/strong>, Claude Code<\/strong> becomes a centrally managed, auditable pair-programming tool<\/strong>. Features like SSO, SCIM,<\/strong> and policy controls<\/strong> allow organizations to enforce security, cost limits,<\/strong> and restrict risky actions such as unauthorized file edits.\n
\n Enterprise plans also unlock up to 1M-token context windows<\/strong> (and 500K with Sonnet 4.6<\/strong>), enabling deeper reasoning across large codebases<\/strong>. With tools like the Compliance API<\/strong> and structured commercial terms, Claude Code evolves into a governed, production-ready system<\/strong> integrated into enterprise risk and compliance frameworks<\/strong>.\n
\n<\/div>\n\n\n\nSeat Types: Standard vs. Premium<\/strong><\/h2>\n\n\n\n
Standard vs. Premium Seats<\/strong><\/h3>\n\n\n\n
Managing and Upgrading Seats<\/strong><\/h3>\n\n\n\n
Setting Up SSO and Identity Management<\/strong><\/h2>\n\n\n\n
<\/strong>Decide on SSO first, before Claude Code reaches any developers. Deploying without SSO <\/a>creates personal accounts, inconsistent access, and messy deprovisioning later. This step is the foundation for a centralized, secure rollout.<\/p>\n\n\n\n
<\/strong>Claude supports SAML 2.0 and OIDC with Okta, Azure AD, Auth0, and Google Workspace. In the Claude Admin Console, enable \u201cRequire SSO for Console\u201d<\/strong> and \u201cRequire SSO for Claude\u201d<\/strong>. This enforces SSO authentication and inherits MFA from your identity provider.<\/p>\n\n\n\n
<\/strong>Use domain capture<\/strong> to claim your organization\u2019s email domains in Claude. Once active, any sign\u2011in with a company email is automatically routed to your enterprise workspace<\/a>. This prevents employees from falling back to personal accounts on any interface.<\/p>\n\n\n\n
<\/strong>In your identity provider, map groups (e.g., \u201cEngineering\u201d) to Claude roles: Primary Owner<\/strong> (full admin), Admin<\/strong> (users, policies, logs), and Member<\/strong> (standard users). When someone is added to the right group, they get the correct Claude role automatically. When they leave the group, their access is revoked across web, desktop, and CLI.<\/p>\n\n\n\n
<\/strong>On Enterprise, turn on SCIM<\/strong> <\/a>for automatic user provisioning and deprovisioning. SCIM lets you sync users from your IdP and manage access across multiple organizations (e.g., separate Team\/Enterprise or Console workspaces). This removes manual work and keeps access aligned with your HR and directory systems..<\/p>\n\n\n\nConfiguring Organization-Wide Claude Code Policies<\/strong><\/h2>\n\n\n\n
1. Enforcing Organization-Wide Policies<\/strong><\/h3>\n\n\n\n
2. Hierarchical Settings and Permission Rules<\/strong><\/h3>\n\n\n\n
3. Governing MCP Server Access<\/strong><\/h3>\n\n\n\n
Spend Controls and Usage Analytics<\/strong><\/h2>\n\n\n\n
Centralized Spend Control and Seat Management<\/strong><\/h3>\n\n\n\n
\n
Organization\u2011Level Caps and Usage Analytics<\/strong><\/h3>\n\n\n\n
\n
The Compliance API for Regulated Industries<\/strong><\/h2>\n\n\n\n
The Compliance API for Regulated Work<\/strong><\/h3>\n\n\n\n
Personal vs. Work Accounts and Data Governance<\/strong><\/h3>\n\n\n\n
What Enterprises Are Seeing in Practice<\/strong><\/h2>\n\n\n\n
\n