👔Claude for Teams Setup

Claude for Teams Setup

When you move from individual usage to a team environment, Claude offers dedicated team plans that unlock collaboration features, centralized management, and enterprise-grade controls. This lesson walks you through everything you need to set up and manage Claude for your team.

---

Team vs Individual Plans

Before creating a team workspace, it is important to understand the differences between individual and team plans.

When should you upgrade to a team plan?

• You have two or more people using Claude regularly
• You need centralized billing for expense tracking
• Your organization requires SSO for security compliance
• You want visibility into how your team uses Claude
• You need to enforce usage policies across the organization

---

Creating a Team Workspace

Setting up a team workspace takes just a few minutes. Here is the step-by-step process:

Step 1: Navigate to the Anthropic Console

Go to console.anthropic.com and sign in with your account. If you do not have one, create a new account first.

Step 2: Create a New Organization

1. Click on your profile icon in the top-right corner 2. Select "Create Organization" 3. Enter your organization name (e.g., "Acme Corp Engineering") 4. Choose your plan tier (Team or Enterprise) 5. Click "Create Organization"

Step 3: Configure Organization Settings

Once your organization is created, configure the basic settings:

Organization Settings: - Display Name: "Acme Corp Engineering" - Organization ID: org_acme_eng_xxxx (auto-generated) - Default Model: claude-sonnet-4-20250514 - Region Preference: US / EU - Data Retention: 30 days (configurable)

Step 4: Set Up Billing

Add a payment method for centralized billing:

Billing Configuration: - Payment Method: Credit Card / Invoice - Billing Email: billing@acmecorp.com - Monthly Budget Cap: $5,000 (recommended starting point) - Alert Thresholds: 50%, 75%, 90%, 100%

---

Inviting Members

Once your workspace is ready, you can start adding team members.

How to Invite Members

1. Go to Organization Settings > Members 2. Click "Invite Members" 3. Enter email addresses (one per line or comma-separated) 4. Assign a role to each member 5. Optionally add them to specific workspaces 6. Click "Send Invitations"

Invitation Options

You can customize invitations with:

• Role assignment -- set the default role before they join
• Workspace access -- restrict which workspaces they can see
• Expiration -- invitations expire after 7 days by default
• Custom message -- add a note explaining why they are being invited

Bulk Invitations

For large teams, you can upload a CSV file:

---

Roles and Permissions

Claude for Teams uses a role-based access control (RBAC) model with three primary roles.

Admin Role

Admins have full control over the organization:

Admin Permissions: - Manage organization settings - Invite and remove members - Assign and change roles - Create and delete API keys - View all usage analytics - Configure SSO and security policies - Set billing and budget limits - Access audit logs - Manage compliance settings - Create and manage workspaces

Best practice: Have at least two admins to avoid lockout scenarios. Limit admin access to managers or team leads only.

Developer Role

Developers can use Claude and manage their own resources:

Developer Permissions: - Use Claude via API and web interface - Create personal API keys - View personal usage statistics - Access assigned workspaces - Create and manage their own prompts - Use all available Claude models - Cannot invite or remove members - Cannot view other members' usage - Cannot change organization settings

Best practice: This is the default role for most team members. Developers can work independently while admins maintain oversight.

Viewer Role

Viewers have read-only access:

Viewer Permissions: - View dashboards and reports - Access shared prompt libraries - View usage summaries (not individual data) - Cannot use Claude API directly - Cannot create API keys - Cannot modify any settings - Cannot invite members

Best practice: Use the viewer role for stakeholders, managers, or auditors who need visibility without active usage.

Permissions Comparison Table

---

SSO Configuration Overview

Single Sign-On (SSO) allows your team to authenticate using your existing identity provider (IdP). This is critical for enterprise security and compliance.

Supported SSO Protocols

• SAML 2.0 -- the most widely supported protocol for enterprise SSO
• OIDC (OpenID Connect) -- a modern alternative based on OAuth 2.0

SAML Configuration Steps

1. Go to Organization Settings > Security > SSO 2. Select "SAML 2.0" as the protocol 3. Enter your Identity Provider details: - IdP Entity ID: https://idp.acmecorp.com/saml - IdP SSO URL: https://idp.acmecorp.com/sso/saml - IdP Certificate: [Upload X.509 certificate] 4. Copy the Service Provider (SP) details into your IdP: - SP Entity ID: https://console.anthropic.com/saml/org_xxxx - SP ACS URL: https://console.anthropic.com/saml/callback 5. Test the connection with a test user 6. Enable SSO for all members

OIDC Configuration Steps

1. Go to Organization Settings > Security > SSO 2. Select "OIDC" as the protocol 3. Register Claude as a client in your IdP 4. Enter the configuration: - Client ID: [from your IdP] - Client Secret: [from your IdP] - Issuer URL: https://idp.acmecorp.com/.well-known/openid-configuration 5. Configure scopes: openid, email, profile 6. Map user attributes to Claude roles 7. Test and enable

SSO Enforcement Options

---

Centralized Billing

Team plans provide centralized billing that simplifies financial management.

Billing Dashboard Features

Dashboard Sections: - Current month spend (real-time) - Spend by workspace - Spend by member - Spend by model (Haiku / Sonnet / Opus) - Historical trends (last 12 months) - Invoice history and downloads

Budget Controls

Set budget limits to prevent unexpected charges:

Budget Configuration: - Organization monthly cap: $10,000 - Per-workspace cap: $3,000 - Per-member cap: $500 - Alert thresholds: 50%, 75%, 90% - Action on limit: Warn / Soft block / Hard block

Cost Optimization Tips

• Use claude-haiku-3 for simple tasks to reduce costs
• Set per-member limits to encourage efficient usage
• Review usage reports weekly to identify waste
• Use caching for repeated queries to reduce API calls
• Implement prompt optimization to reduce token count

---

Usage Monitoring Per Team Member

Track how each member uses Claude to optimize costs and ensure fair usage.

Individual Usage Metrics

Per-Member Dashboard: - Total API calls this month - Total tokens consumed (input + output) - Average tokens per request - Most used models - Peak usage hours - Cost attribution - Active API keys

Team Usage Analytics

Team Overview: - Total team spend: $3,240 / $10,000 - Active members: 12 / 15 - Top user: alice@acmecorp.com ($620) - Most used model: claude-sonnet-4-20250514 (78%) - Average cost per member: $270 - Trend: +12% vs last month

Usage Alerts

Configure alerts to stay informed:

Alert Types: - Member exceeds daily/weekly/monthly limit - Team budget reaches threshold - Unusual usage spike detected - API key used from unknown IP - Model usage pattern change

---

API Key Management for Teams

Managing API keys properly is critical for security and access control.

Types of API Keys

Creating an Organization API Key

1. Go to Organization Settings > API Keys 2. Click "Create Key" 3. Configure the key: - Name: "production-backend-v1" - Scope: Organization-wide - Models allowed: claude-sonnet-4-20250514, claude-haiku-3 - Rate limit: 1000 requests/minute - Expiration: 90 days (recommended) 4. Copy the key securely -- it will only be shown once

API Key Security Best Practices

Security Checklist: [x] Rotate keys every 90 days [x] Use environment variables, never hardcode keys [x] Set minimum required permissions per key [x] Monitor key usage for anomalies [x] Revoke keys immediately when a team member leaves [x] Use separate keys for development and production [x] Enable IP allowlisting for production keys [x] Implement key naming conventions for tracking

Revoking a Key

1. Go to Organization Settings > API Keys 2. Find the key to revoke 3. Click "Revoke" and confirm 4. The key is immediately invalidated 5. Update all services using the revoked key

---

Shared Settings and Policies

Team plans allow admins to define shared configurations that apply to all members.

Organization-Wide Policies

Policy Settings: - Allowed models: [claude-sonnet-4-20250514, claude-haiku-3] - Max tokens per request: 4096 - Default temperature: 0.7 - Content filtering: Enabled - Data retention: 30 days - External integrations: Slack, GitHub (approved list) - Prompt sharing: Enabled within organization

Shared Prompt Libraries

Create reusable prompts that the entire team can access:

Shared Prompts: - "Code Review" -- standard code review prompt - "Bug Report Analysis" -- extract key info from bug reports - "API Documentation" -- generate docs from code - "Meeting Summary" -- summarize meeting transcripts - "Security Audit" -- check code for vulnerabilities

Workspace Configuration

Organize your team into logical workspaces:

Example Workspace Structure: acme-corp/ engineering/ - backend-team (5 members) - frontend-team (4 members) - devops (2 members) product/ - product-managers (3 members) - designers (2 members) data/ - data-science (3 members) - analytics (2 members)

---

Compliance Features Overview

Claude for Teams includes compliance features that meet enterprise requirements.

Available Compliance Certifications

Audit Logs

Every action in your organization is logged:

Audit Log Events: - Member invited / removed - Role changed - API key created / revoked - SSO configuration changed - Billing settings modified - Policy settings updated - Login attempts (success / failure) - Data export requests

Data Governance

Control how your data is handled:

Data Governance Settings: - Data residency: US / EU - Retention period: 0-90 days (configurable) - Training opt-out: Enabled (your data is never used for training) - Export: On-demand data export in JSON format - Deletion: Request full data deletion at any time

Security Controls Summary

Security Features: [x] SSO with SAML 2.0 and OIDC [x] Multi-factor authentication (MFA) [x] IP allowlisting [x] API key rotation policies [x] Role-based access control (RBAC) [x] Audit logging [x] Data encryption at rest and in transit [x] SOC 2 Type II compliance [x] HIPAA eligibility with BAA [x] GDPR and CCPA compliance

---

Quick Setup Checklist

Use this checklist when setting up Claude for your team:

Team Setup Checklist: [ ] Create organization on console.anthropic.com [ ] Choose team plan tier [ ] Configure billing and budget limits [ ] Set up SSO (if required by your organization) [ ] Define roles and permissions policy [ ] Create workspaces for each team/project [ ] Invite team members with appropriate roles [ ] Create organization and workspace API keys [ ] Configure shared settings and policies [ ] Set up usage alerts and monitoring [ ] Review compliance requirements [ ] Document team guidelines for Claude usage

---

Summary

Setting up Claude for Teams involves choosing the right plan, creating your organization workspace, inviting members with appropriate roles, and configuring security and billing. The three roles -- Admin, Developer, and Viewer -- provide the right level of access for different team members. SSO integration, centralized billing, usage monitoring, and compliance features ensure your team can use Claude securely and efficiently at scale. Start with the setup checklist above and you will have your team running in under an hour.