In This Guide
What Are Claude Cowork Connectors?
Claude Cowork connectors are authenticated integrations that give Claude read and write access to external services. Without connectors, Claude Cowork operates solely on files and context you manually provide in the conversation window. With connectors, Claude can proactively retrieve emails matching a brief, search shared drives for reference documents, read Slack thread history, and trigger downstream workflows inside DocuSign or other services — all within a single task execution.
Connectors are distinct from the Model Context Protocol (MCP) layer, though they're architecturally related. Where MCP is a developer-facing specification for building custom tool servers, Cowork connectors are pre-built, admin-deployable integrations that non-technical users can enable from the Cowork interface. An enterprise admin can authorise a Google Workspace connector at the org level; individual users then grant per-account OAuth permissions without ever touching a config file.
As of early 2026, Claude Cowork ships with connectors for Google Workspace (Gmail, Drive, Calendar, Docs, Sheets), Slack, Microsoft 365 (Outlook, Teams, SharePoint, OneDrive), DocuSign, Salesforce, HubSpot, Jira, Notion, Confluence, Box, Dropbox, GitHub, and a growing set of additional integrations via the plugin marketplace. Our Claude Cowork deployment service handles connector configuration for every major enterprise toolstack.
Gmail
Read, search, draft, and send email with full thread context
Google Drive
Search, read, and create documents, spreadsheets, and folders
Slack
Read channel history, post messages, create channels and DMs
DocuSign
Create envelopes, send for signature, check status, download signed docs
Salesforce
Query contacts, opportunities, accounts, create/update records
Jira
Create tickets, update status, search issues, add comments
Google Workspace: Gmail and Drive Integration
The Google Workspace connector is the most commonly deployed and, for most knowledge worker teams, the highest-value starting point. When Gmail is connected, Claude Cowork can be instructed to find the last email chain with a specific client, summarise unread messages matching a topic, draft a reply in your voice, or flag anything requiring action before a scheduled meeting. This is not search — Claude reads, understands, and synthesises email content the same way a skilled EA would.
Setting Up the Gmail Connector
Admin enablement happens in the Cowork admin console under Integrations → Google Workspace. Admins toggle the connector on at the org level and set the default permission scope. Scopes available include read-only access (recommended for initial rollout), read/compose, and full send access. Individual users then complete OAuth authorisation via their Google account at first use — a single click that opens the standard Google consent screen.
For enterprises running Google Workspace Business or Enterprise tiers, your IT admin will need to add the ClaudeCowork OAuth application to the approved list in the Google Workspace Admin console under Security → API Controls → Domain-wide delegation. Without this step, individual user OAuth prompts may be blocked by your organisation's third-party app policy. Our Cowork deployment team handles this configuration as part of every enterprise rollout.
Google Drive: Search, Read, and Create
The Drive connector grants Claude access to files the authenticated user can see — it does not grant organisation-wide file access. Claude can search Drive using natural language queries ("find the Q4 board deck from finance"), read document content (including Google Docs, Sheets, and Slides), and create new files in specified folders. Write actions — including creating, editing, and moving files — are gated behind the write permission scope, which you can restrict at the admin level for users in sensitive departments.
Enterprise note: Drive connector access is scoped to the authenticated user's permissions. Claude cannot access shared drives or files the user does not have access to. This is by design and consistent with your existing Drive access controls.
Slack Connector: Reading Channels and Posting Messages
The Slack connector is the most operationally impactful for teams that live in Slack. With it connected, Claude Cowork can read channel history (within permission scope), search messages, extract action items from a thread, summarise a long discussion, draft announcements, and post messages on your behalf. For ops teams, project managers, and executives who need cross-channel visibility, this is the fastest path to real productivity gains.
Slack Permission Scopes
The Cowork Slack app must be installed by a Slack workspace admin and granted the appropriate bot token scopes. Read-only deployments use channels:history, channels:read, and users:read. Full read/write deployments add chat:write and files:write. For DM access, the im:history scope is required and should be carefully considered from a privacy standpoint before enterprise-wide deployment.
In a typical enterprise deployment, we recommend starting with public channels read-only, then expanding to private channel access for specific user groups after reviewing your data residency and privacy requirements. If you're in a regulated sector, book a call with our Claude security and governance team before activating write scopes.
Deploying Cowork Across Your Organisation?
Connector configuration, OAuth governance, and permission scoping are where most enterprise deployments get stuck. Our certified architects handle the full setup — including Slack app installation, admin policy configuration, and user rollout.
Book a Free Strategy Call →DocuSign: Automated Document Signature Workflows
The DocuSign connector is purpose-built for legal, procurement, HR, and finance teams that process high volumes of agreements. With it active, Claude Cowork can create signature envelopes from templates, fill in recipient fields, send documents for signature, check status, and retrieve completed documents — all triggered by natural language instructions or automated through Claude Dispatch.
What the DocuSign Connector Enables
A legal ops team processing NDAs can instruct Claude: "Create a standard NDA envelope for [Vendor Name], pre-fill their contact details from the Salesforce record, and send to the vendor contact using the NDA template." Claude handles the DocuSign API call, returns a confirmation link, and can follow up automatically when the envelope status changes to Completed. This workflow that previously required 15 minutes of manual DocuSign navigation runs in under 30 seconds.
For enterprise Cowork deployments in legal or procurement, the DocuSign connector is typically one of the three connectors enabled in the first 30 days, alongside Gmail and Drive. The ROI is immediately measurable in time-per-contract processed. For law firms deploying the full Cowork + DocuSign + Clio stack, see our complete guide to Claude Cowork legal practice management integration which covers the end-to-end configuration for Clio, NetDocuments, iManage, and DocuSign together.
DocuSign Connector Prerequisites
You need a DocuSign Business Pro or Enterprise account to use the Cowork connector. The integration uses DocuSign's eSignature REST API with JWT grant authentication. Your DocuSign admin must create an integration key and grant the Cowork application the appropriate impersonation permissions. Template access is scoped per-user based on your DocuSign account's template visibility settings — Claude can only use templates the authenticated user has access to.
Other Key Connectors for Enterprise Teams
Beyond the four flagship connectors above, Claude Cowork ships with integrations that address the full enterprise toolstack. Microsoft 365 users get equivalent coverage through Outlook, Teams, SharePoint, and OneDrive connectors — all deployed through the same admin console and individual OAuth flow. For teams running both Google Workspace and Microsoft 365, both connector sets can be active simultaneously.
Salesforce and HubSpot connectors give revenue teams real-time CRM access — Claude can pull opportunity data, update contact records, create tasks, and generate pipeline summaries without switching tabs. For engineering organisations, the GitHub connector enables Claude to read repositories, create issues, submit PRs, and check build status as part of agentic workflows. The MCP protocol further extends this to any internal system your team builds a server for.
Microsoft 365
Outlook email, Teams messages, SharePoint files, OneDrive documents — full read/write parity with Google Workspace connector
Salesforce
SOQL-powered CRM access: contacts, leads, opportunities, accounts, custom objects. For AE-specific workflows, see our guide to Cowork + Salesforce deal intelligence.
HubSpot
Deal pipeline, contact records, email sequences, meeting bookings
Notion & Confluence
Read/write access to pages, databases, and knowledge bases for documentation workflows
Connector Permissions and Security Model
Every Claude Cowork connector operates on a two-tier permission model: admin-level enablement controls which connectors are available to users in the organisation, and user-level OAuth grants control what specific account data Claude can access. No connector can access data beyond what the authenticated user can already access in the source system. This is a fundamental design constraint, not a configuration option.
| Connector | Read Scope | Write Scope | Admin Required |
|---|---|---|---|
| Gmail | Read-only | Compose + Send | Google Workspace Admin |
| Google Drive | View files | Create, edit, move | Google Workspace Admin |
| Slack | Channel/DM history | Post messages, files | Slack Workspace Admin |
| DocuSign | Envelope status | Create, send, void | DocuSign Account Admin |
| Salesforce | All accessible records | Create, update records | Salesforce Admin (Connected App) |
| Microsoft 365 | Mail, files, messages | Send, create, modify | Azure AD App Registration |
Anthropic's data handling for connector integrations follows the same privacy framework as the core Claude Enterprise product: data passed through connectors is not used to train models. For enterprises with strict data residency requirements, Claude Enterprise deployments can be configured to route through AWS or Google Cloud regions that satisfy your compliance policies. See our Claude security and governance service for full details on data residency options.
Enterprise Governance for Cowork Connectors
Connectors are powerful precisely because Claude acts with real permissions in real systems. That power requires governance. Before enabling write-scope connectors at scale, every enterprise should have answers to four questions: Who can authorise which connectors? What actions can Claude take without user confirmation? How are connector actions logged for audit? What is the revocation process if an account is compromised?
Controlling Connector Access by Team or Role
Cowork's admin console supports connector policy by group. You can enable the DocuSign write connector for the Legal team while restricting it to read-only for the wider organisation. Gmail send permissions can be available to executive assistants and blocked for entry-level users. This group-based policy maps to your existing SSO directory groups — typically Okta, Azure AD, or Google Groups — so connector governance inherits your existing RBAC structure without additional configuration.
Audit Logging for Connector Actions
Every connector action Claude takes — every email sent, every Drive file created, every DocuSign envelope dispatched — is logged in the Cowork admin audit trail with the user, timestamp, connector, action type, and affected resource. Audit logs are exportable via API and can be streamed to your SIEM of choice. For regulated environments, we configure automatic log forwarding to Splunk, Datadog, or your preferred security platform as part of our enterprise implementation service.
Recommendation: Enable all connectors in read-only mode first. Run a 30-day observation period, review audit logs with your security team, then selectively enable write access for connectors where the productivity gain justifies the expanded permission scope.
Connector Setup Checklist for Enterprise IT
Use this checklist before rolling out connectors to more than a pilot group. Most organisations can complete the checklist in a single afternoon — the blockers are usually cross-team alignment on permission scope rather than technical complexity. If you're running into obstacles, book a call with our deployment team — we've worked through every combination of enterprise toolstack and can usually unblock in an hour.
Pre-Deployment Checklist
- Confirm Claude Enterprise plan is active with admin console access
- Identify which connectors are in scope for initial rollout (recommend: 2-3 max)
- Define permission scope for each connector (read-only vs read/write)
- Map connector access to existing SSO groups in Okta / Azure AD / Google Groups
- Complete admin authorisation for each connector (OAuth app approval in source system)
- Run pilot with 10-20 users, collect feedback, review audit logs after 2 weeks
- Brief IT help desk on OAuth re-authorisation process for token expiry
- Configure audit log forwarding to SIEM before broad rollout
- Document approved use cases and distribute to users before go-live
Key Takeaways
- Cowork connectors operate on two-tier permissions: admin enablement + user OAuth grant
- Claude cannot access data beyond what the authenticated user already has permission to view
- Start with read-only scopes, expand to write access after a 30-day observation period
- Group-based connector policies map directly to your existing SSO RBAC structure
- Every connector action is logged and exportable for audit and compliance purposes
- DocuSign, Gmail + Drive, and Slack are the highest-ROI starting connectors for most teams