Until February 2026, buying an Anthropic Enterprise plan meant going through a sales process. On February 20, 2026, Anthropic made Enterprise self-serve: any organization can now purchase and configure an Enterprise plan directly at claude.ai/enterprise — SSO, SCIM, and all admin controls included, no sales conversation required.
This guide covers the full Enterprise setup for Claude Cowork: purchasing, deploying to your team, building private plugin marketplaces, and managing admin controls.
Enterprise Plan: What's Included
An Enterprise plan gives your organization:
- Claude (web, mobile, API)
- Claude Code (terminal coding agent)
- Claude Cowork (desktop AI agent for knowledge work)
All three under one seat type. There's no separate Cowork add-on — every Enterprise seat includes full access.
Additional Enterprise features:
- Single Sign-On (SSO) via SAML 2.0
- SCIM provisioning for automated user management
- Admin controls for plugins and connectors
- Private plugin marketplaces
- Usage analytics and audit logs
- Priority support SLA
- BAA available for HIPAA-regulated workloads (contact Anthropic)
Purchasing: Self-Serve Setup
Step 1: Go to claude.ai/enterprise
Click Get started and sign in or create an Anthropic account.
Step 2: Set up your organization
Enter your organization name and the primary admin email. This account becomes the organization owner.
Step 3: Choose your seat count and billing
Enterprise pricing is per seat per month (annual billing available). Add your payment method and confirm.
Step 4: Configure SSO
Immediately after purchase, you can configure SSO:
- Go to Organization Settings → Security → Single Sign-On
- Choose your identity provider (Okta, Azure AD, Google Workspace, or any SAML 2.0 provider)
- Enter your IdP metadata URL or upload the metadata XML
- Test the connection
- Enable SSO enforcement (optional — users can still log in with email/password until you enforce it)
Step 5: Enable SCIM (optional)
SCIM automates user provisioning and deprovisioning from your directory:
- Go to Organization Settings → Security → SCIM
- Copy the SCIM endpoint URL and bearer token
- Enter these in your IdP's SCIM configuration
- Map your directory groups to Anthropic roles (Member, Admin)
With SCIM enabled, new hires get Claude access automatically when added to the relevant directory group, and departing employees lose access when deprovisioned.
Deploying Cowork Across Your Team
Step 1: Deploy Claude Desktop
Claude Desktop is a standard installer (.dmg for macOS, .exe for Windows). Distribute it via your standard software management tool:
- macOS: Deploy via Jamf, Kandji, or Mosyle
- Windows: Deploy via Intune, SCCM, or Group Policy
Silent install on macOS:
sudo installer -pkg ClaudeDesktop.pkg -target /
Silent install on Windows:
.\ClaudeDesktop-installer.exe /S /quiet
Step 2: Pre-configure Cowork for your team
Create a managed .mcp.json file that pre-configures the connectors your team should have access to. Deploy it to each machine's Claude config directory:
- macOS:
~/Library/Application Support/Claude/ - Windows:
%APPDATA%\Claude\
Example managed configuration with standard enterprise connectors:
{
"mcpServers": {
"slack": {
"command": "npx",
"args": ["-y", "@anthropic/mcp-server-slack"],
"env": {
"SLACK_BOT_TOKEN": "${SLACK_BOT_TOKEN}"
}
},
"google-drive": {
"command": "npx",
"args": ["-y", "@anthropic/mcp-server-gdrive"],
"env": {
"GDRIVE_CLIENT_ID": "${GDRIVE_CLIENT_ID}",
"GDRIVE_CLIENT_SECRET": "${GDRIVE_CLIENT_SECRET}"
}
}
}
}
Use your secrets manager to inject the token values rather than hardcoding them.
Step 3: Set organizational defaults in the Admin dashboard
From claude.ai/settings/organization, admins can:
- Require specific plugins for all users
- Restrict which plugins users can install
- Set default connectors that activate for all users
- Configure data retention for audit logs
Building a Private Plugin Marketplace
Private marketplaces let you distribute custom plugins across your organization. Employees see your organization's plugins alongside Anthropic's official plugins in their Claude Desktop.
Option A: GitHub-synced marketplace
This is the recommended approach for teams with developers who will maintain plugins.
Step 1: Create a private GitHub repository
Create a repo (e.g., your-org/claude-cowork-plugins) and give it the standard plugin structure:
claude-cowork-plugins/
hr-onboarding/
plugin.json
skills/
onboarding-plan.md
offer-letter.md
playbook.md
finance-reporting/
plugin.json
skills/
monthly-close.md
variance-analysis.md
playbook.md
Step 2: Connect the repository
In the Admin dashboard → Plugins → Private Marketplace → Connect GitHub repository:
- Authenticate with GitHub (org owner or admin)
- Select your plugin repository
- Choose the branch to sync from (usually
main) - Click Connect
Cowork syncs plugins from the repository automatically. When you push updates, they're available to your team within minutes.
Step 3: Control who can access which plugins
In the Admin dashboard, assign plugins to teams:
HR plugin → HR team directory group
Finance plugin → Finance team directory group
General plugins → All users
Option B: Manual plugin uploads
For smaller teams or one-off plugins, you can upload plugin ZIP files directly from the Admin dashboard:
- Go to Plugins → Private Marketplace → Upload plugin
- Upload the
.zipfile with your plugin files - Set the visibility (all users or specific groups)
Building a Plugin with Plugin Create
If your team doesn't have existing plugins to import, use Cowork's built-in Plugin Create tool:
/plugin-create
Plugin Create walks you through:
- Defining what the plugin should do
- Writing the skills (slash commands)
- Configuring the connectors it needs
- Testing it on a sample workflow
- Exporting it for distribution
Start from an Anthropic template to speed up the process.
Admin Controls Reference
| Control | Location | What It Does | |---------|----------|-------------| | Enforce SSO | Security → SSO | Require SSO login, disable email/password | | Plugin allowlist | Plugins → Policy | Restrict which plugins users can install | | Connector policy | Connectors → Policy | Approve/deny specific MCP connectors | | Usage dashboard | Analytics | See which users and teams use Cowork most | | Audit log | Security → Audit | Log of all Cowork sessions and file access | | Data retention | Security → Data | Set how long audit logs are retained |
Compliance Considerations
Data residency: Cowork tasks run locally on the user's machine in a VM. Files are not uploaded to Anthropic servers unless you explicitly use a connector that reads remote services. Check each connector's documentation for its data handling practices.
HIPAA: Anthropic offers a BAA for Enterprise customers. Contact your account representative. Note that Cowork's MCP connectors to third-party services (e.g., Slack, Google Drive) require those services to also be HIPAA-compliant if handling PHI.
PwC-validated framework: For customers in financial services and healthcare, Anthropic has partnered with PwC to provide a governance framework for compliant Cowork deployment. Ask your Anthropic contact for details.
Prompt injection: Plugins that execute tasks based on external data (emails, documents, web content) carry some risk of prompt injection. Review the security considerations for plugins before deploying to sensitive workflows.
Getting Help
- Documentation: support.claude.com
- Enterprise support: Available via the Admin dashboard → Support
- Plugin templates: github.com/anthropics/knowledge-work-plugins
- Community: Anthropic's enterprise Slack community (invite via dashboard)