What IT Teams Actually Need to Know About Cowork
Claude Cowork is Anthropic's enterprise knowledge work platform: an AI agent that runs on your desktop, connects to your tools via plugins and connectors, and executes multi-step workflows autonomously. It's not a chatbot. It reads files, calls APIs, triggers actions in connected systems, and produces work product your employees use directly.
For IT teams, this creates a different set of deployment considerations than deploying a SaaS productivity tool. Cowork accesses your organisation's files and systems, which means access controls, data governance, audit logging, and connector management all sit within your IT remit from day one. This guide covers everything your IT team needs to plan, deploy, and govern Claude Cowork at enterprise scale.
If you want the business case and user-facing feature overview, see our Claude Cowork Product Guide. This guide is for the people who have to make it work in a corporate environment. If you'd prefer an expert partner to handle the deployment, our Claude Cowork deployment service manages the full rollout.
Cowork is a desktop application (Windows and macOS) that runs locally. It's not a browser extension or web app. It connects to external tools via Anthropic's connector framework and MCP servers. It does not store your organisation's data in Anthropic's training pipeline; Claude Enterprise operates under a zero-training data policy. Your data stays in your environment unless a connector explicitly sends it to an authorised external service.
Provisioning and Licence Management
Claude Cowork for enterprise is provisioned through Anthropic's enterprise portal. Your account owner receives admin credentials that allow seat management, user provisioning, and policy configuration. Licences are seat-based and are consumed when a user account is activated, not when the desktop app is installed.
User Provisioning Options
Cowork supports three provisioning approaches, which you'll choose based on your identity management setup. The first is manual provisioning: account admins add users directly in the Anthropic admin portal. This works for small deployments or pilots but doesn't scale. The second is SCIM-based automated provisioning: Cowork integrates with your Identity Provider (IdP) via SCIM 2.0, meaning user creation and deactivation in your IdP automatically manages Cowork seats. Supported IdPs include Okta, Microsoft Entra ID (Azure AD), Google Workspace, and any SCIM 2.0-compatible provider. The third is SSO-only provisioning: users authenticate via your SSO provider, and accounts are auto-provisioned on first login with default permissions.
For enterprise deployments, SCIM-based provisioning is the correct choice. It ensures that when an employee leaves and their Okta account is deactivated, their Cowork access is terminated within minutes: no separate deprovisioning step, no orphaned accounts with residual data access.
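A periodic check that the deprovisioning described above is actually happening, as an added example (not Anthropic's or this guide's own code). Both inputs are constructed SCIM 2.0 ListResponse bodies; being able to export the seat list in that shape is an assumption.

```python
# Added illustration: find seats that outlive the IdP account.
# Inputs are constructed SCIM 2.0 ListResponse bodies (RFC 7644). Being able to
# export the seat list in this shape is an assumption.
LIST = "urn:ietf:params:scim:api:messages:2.0:ListResponse"

IDP_USERS = {"schemas": [LIST], "Resources": [
    {"userName": "Ana@Example.com", "active": True},
    {"userName": "raj@example.com", "active": False},   # leaver
    {"userName": "kim@example.com"},                    # "active" not sent
]}
SEATS = {"schemas": [LIST], "Resources": [
    {"userName": "ana@example.com", "active": True},
    {"userName": "raj@example.com", "active": True},
    {"userName": "old.contractor@example.com"},         # "active" not sent
    {"userName": "kim@example.com", "active": True},
    {"userName": "li@example.com", "active": False},
]}


def index(list_response, default_active):
    """Map normalised userName -> active flag for one ListResponse."""
    if LIST not in list_response.get("schemas", []):
        raise ValueError("not a SCIM ListResponse")
    return {r["userName"].strip().lower(): bool(r.get("active", default_active))
            for r in list_response.get("Resources", [])}


def orphaned_seats(idp, seats):
    """Return (user, reason) for every usable seat without an active IdP user."""
    # Fail closed on both sides: a missing "active" counts as inactive in the
    # IdP (not proven current) and as active on the seat (may still work).
    idp_state = index(idp, default_active=False)
    seat_state = index(seats, default_active=True)
    findings = []
    for user, usable in sorted(seat_state.items()):
        if not usable:
            continue
        if user not in idp_state:
            findings.append((user, "no IdP account"))
        elif not idp_state[user]:
            findings.append((user, "IdP account not confirmed active"))
    return findings


if __name__ == "__main__":
    for user, reason in orphaned_seats(IDP_USERS, SEATS):
        print(f"{user}: {reason}")
```

User names are compared case-insensitively because IdPs and applications often differ in how they store the e-mail address.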
SSO Configuration
Cowork supports SAML 2.0 and OIDC for single sign-on. Configuration is done in the Anthropic admin portal, where you'll enter your IdP metadata URL or manually configure the SAML endpoints. The configuration steps are straightforward for both Okta and Microsoft Entra ID. Here's what you'll need from your IdP side:
# Cowork SAML Configuration Requirements
Assertion Consumer Service URL: https://claude.ai/saml/acs/[your-org-id]
Audience URI: https://claude.ai/saml/[your-org-id]
Name ID Format: EmailAddress
Attributes to pass:
- email (required)
- first_name (optional)
- last_name (optional)
- department (optional, used for group-based plugin access)
- manager_email (optional, used for approval workflows)
The department attribute is particularly useful if you want to control which plugins are available to which teams: finance teams get the financial data connectors, legal teams get the document review plugins, and so on.
Configuring Connectors: What Connects, What Doesn't, and What You Control
Cowork connectors are the integrations that allow Claude to read from and write to external tools: Google Drive, OneDrive, Gmail, Outlook, Slack, Notion, Salesforce, DocuSign, and others. Each connector has two dimensions that matter for IT: data flow direction (read-only vs. read-write) and authentication scope (what permissions the connector requests from the target system).
Connector Architecture
Cowork connectors use OAuth 2.0 to authenticate with target services. When a user connects their Google Drive, they're granting the Cowork application OAuth scopes, specifically the scopes that determine what Claude can see and do in their Drive. As an IT admin, you have two levels of control over connectors: you can whitelist which connector types are available to your users (preventing them from connecting personal services you haven't approved), and you can pre-configure organisational connectors that are automatically available to all users without requiring individual OAuth consent flows.
For pre-configured organisational connectors (such as your Google Workspace or M365 tenancy), you'll grant Cowork a service account or app-level OAuth consent through your Google Admin Console or Microsoft Entra admin centre. This means the connector accesses data within the boundaries you set at the tenant level, rather than the much broader permissions a user might inadvertently grant through an individual OAuth flow.
Connector Permission Controls
The Cowork admin portal lets you configure connectors at three levels. At the organisation level, you can enable or disable specific connector types globally and set default permission scopes. At the group level (based on SCIM groups or SAML department attributes), you can restrict connectors to specific teams, for example enabling the Salesforce connector only for the sales and customer success groups. At the user level, you can review which connectors individual users have connected and revoke access if needed.
For regulated environments, we recommend starting with all connectors disabled and whitelisting only the approved integrations. See our Claude Cowork Security Guide for the security-first connector configuration approach.
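The organisation, group and user levels described above, combined into one default-deny review, as an added example (not Anthropic's admin API or this guide's own code). The policy layout, record fields and scope strings are assumptions, and the grant records are constructed.

```python
# Added illustration: default-deny audit of connector grants. The policy layout,
# record fields and scope strings are assumptions, not a Cowork export format.
POLICY = {  # connector type -> allowed groups ("*" = everyone), approved scopes
    "google_drive": {"groups": {"*"}, "scopes": {"drive.readonly"}},
    "salesforce": {"groups": {"sales", "customer-success"},
                   "scopes": {"api.read", "api.write"}},
}
# Constructed sample of what users have actually connected.
GRANTS = [
    {"user": "ana@example.com", "groups": ["sales"],
     "connector": "salesforce", "scopes": ["api.read"]},
    {"user": "raj@example.com", "groups": ["finance"],
     "connector": "salesforce", "scopes": ["api.read"]},
    {"user": "li@example.com", "groups": ["legal"],
     "connector": "google_drive", "scopes": ["drive.readonly", "drive"]},
    {"user": "sam@example.com", "groups": ["legal"],
     "connector": "dropbox", "scopes": ["files.read"]},
]


def audit_grant(grant, policy=POLICY):
    """Return the list of policy violations for one user/connector grant."""
    rule = policy.get(grant["connector"])
    if rule is None:
        return ["connector not approved"]  # default deny: unlisted means blocked
    problems = []
    if "*" not in rule["groups"] and not rule["groups"] & set(grant["groups"]):
        problems.append("user not in an allowed group")
    excess = set(grant["scopes"]) - rule["scopes"]
    if excess:
        problems.append("scopes beyond approved: " + ", ".join(sorted(excess)))
    return problems


def audit_all(grants, policy=POLICY):
    """Map user -> violations, leaving out grants that comply."""
    report = {}
    for grant in grants:
        problems = audit_grant(grant, policy)
        if problems:
            report.setdefault(grant["user"], []).extend(problems)
    return report


if __name__ == "__main__":
    for user, problems in audit_all(GRANTS).items():
        print(f"{user}: {'; '.join(problems)}")
```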
Building Custom Connectors via MCP
For internal systems not covered by Anthropic's native connector library (your internal CRM, ERP, or proprietary databases), Cowork supports connections via the Model Context Protocol (MCP). Your development team builds an MCP server that exposes your internal system as a set of tools Claude can call. The MCP server runs within your network; Claude calls it via an authenticated endpoint. No data leaves your environment via the MCP layer: Claude sends a tool call, your MCP server processes it, and returns the result.
Our MCP server development service builds these integrations for you, typically in 2-4 weeks per integration. See also the MCP servers guide for the technical architecture.
Plugin Architecture and Governance
Plugins extend Claude Cowork's capabilities beyond the base product, adding specialised workflows, domain-specific knowledge, custom tools, and industry-specific automations. Understanding the plugin model is critical for IT governance, because plugins determine what Claude can do, what it can access, and how it behaves for specific user groups.
Plugin Types
Cowork supports three categories of plugins. Native plugins are built and maintained by Anthropic; these include productivity workflows, document processing, and general-purpose tools. Partner plugins come from Anthropic's partner network, including third-party vendors who have built verified integrations. Custom plugins are built by your own team (or by us on your behalf) using the Cowork plugin SDK; these are where you codify organisation-specific workflows, proprietary tools, and custom knowledge bases into repeatable Claude capabilities.
Plugin Governance Model
As an IT admin, you control which plugins are available in your tenant. The governance model works like this: plugins are published to your organisation's plugin library by admins (or by Anthropic for native/partner plugins you've approved), users discover and install plugins from your library, and usage is logged at the plugin level so you can audit what tools are being used and by whom.
For custom plugins, you'll establish an internal review and approval process. We recommend a lightweight governance model: plugin request, security review (does it access sensitive data? what connector permissions does it require?), approval and publication, usage monitoring. This prevents plugin sprawl while not blocking useful tools from reaching users.
For each custom plugin, review: What connectors does it require? What data does it read vs. write? Does it output data to external services? What is the maximum data sensitivity level it should handle? Who should have access? Does it require any additional GDPR/compliance considerations? This review takes 30 minutes for most plugins and prevents 90% of governance issues.
Claude Dispatch: The Mobile Control Layer
Claude Dispatch is Anthropic's mobile companion to Cowork: an iOS and Android app that allows users to control their Cowork agent, review task outputs, approve pending actions, and trigger workflows from their phone. From an IT perspective, Dispatch adds a mobile device management (MDM) consideration to your Cowork deployment.
Dispatch Authentication
Dispatch authenticates using the same SSO identity as the desktop Cowork application: users log in with your organisation's SSO provider, and Dispatch sessions are tied to the same identity session. There is no separate credential. If a user's SSO account is suspended, their Dispatch access is revoked simultaneously.
MDM Configuration
Dispatch is available on the Apple App Store and Google Play Store. For managed devices, you can deploy Dispatch via your MDM platform (Jamf, Intune, Workspace ONE) alongside the Cowork desktop application. You can configure app protection policies that require device compliance (screen lock, encryption, OS version) before Dispatch can access your organisation's Cowork environment. For BYOD scenarios, we recommend requiring Intune or Jamf app protection policies rather than full device enrolment.
Dispatch Permissions for IT Governance
You can restrict which actions users can approve or trigger via Dispatch from the admin portal. For high-sensitivity actions (writing to CRM records, sending emails, posting to Slack channels) you can require desktop (not mobile) approval. This two-tier approval model is useful in regulated environments where you want the additional friction of a desktop session for consequential actions.
Data Governance, Audit Logging, and Compliance
Cowork Enterprise includes comprehensive audit logging that captures user activity, Claude actions, connector data access, and plugin usage. The audit log is available in your admin portal and can be exported in JSON or CSV format or streamed to your SIEM via webhook.
What Gets Logged
Every Cowork interaction produces an audit record containing: user identity and device, timestamp and session ID, the type of activity (conversation start, tool use, connector access, file read/write, plugin execution), the specific action taken (e.g., "read file: Q4-Board-Pack-DRAFT.docx from OneDrive"), the connector and resource involved, and the output disposition (displayed to user, written to file, sent via email, etc.). Log retention defaults to 90 days for Enterprise plans; longer retention requires configuration.
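One detection you can build on these records once they reach your SIEM, as an added example (not Anthropic's or this guide's own code): flag a sensitive file read that is followed, in the same session and within ten minutes, by an output that leaves the user's screen. The field names, disposition values and filename watchlist are assumptions modelled on the fields listed above, and the records are constructed.

```python
import json
from datetime import datetime

# Added illustration. Field names and disposition values are assumptions modelled
# on the fields listed above, not the real export schema. Records are constructed.
SAMPLE = """\
{"ts":"2025-01-10T09:00:01Z","user":"ana@example.com","session":"s1","activity":"file_read","resource":"Q4-Board-Pack-DRAFT.docx","disposition":"displayed"}
{"ts":"2025-01-10T09:00:40Z","user":"ana@example.com","session":"s1","activity":"tool_use","resource":"outbound message","disposition":"sent_email"}
{"ts":"2025-01-10T09:05:00Z","user":"raj@example.com","session":"s2","activity":"file_read","resource":"team-lunch-menu.pdf","disposition":"displayed"}
{"ts":"2025-01-10T09:06:00Z","user":"raj@example.com","session":"s2","activity":"tool_use","resource":"#general","disposition":"posted_slack"}
{"ts":"2025-01-10T10:00:00Z","user":"li@example.com","session":"s3","activity":"file_read","resource":"Confidential-Offer.docx","disposition":"displayed"}
{"ts":"2025-01-10T10:30:00Z","user":"li@example.com","session":"s3","activity":"tool_use","resource":"outbound message","disposition":"sent_email"}
truncated-line-not-json
"""
REQUIRED = ("ts", "user", "session", "activity", "resource", "disposition")
SENSITIVE = ("board", "confidential", "draft")  # assumed filename watchlist
EXTERNAL = {"sent_email", "posted_slack"}  # output leaves the user's screen
WINDOW_SECONDS = 600

def parse(text):
    """Return (time-sorted records, count of lines skipped as malformed)."""
    records, skipped = [], 0
    for line in filter(None, map(str.strip, text.splitlines())):
        try:
            raw = json.loads(line)
            rec = {k: raw[k] for k in REQUIRED}  # KeyError if a field is absent
            rec["when"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        except (ValueError, KeyError, TypeError, AttributeError):
            skipped += 1
            continue
        records.append(rec)
    return sorted(records, key=lambda r: r["when"]), skipped

def read_then_send(records):
    """Flag a sensitive file read followed in-session by an external output."""
    last_read, findings = {}, []  # session -> (resource, time of read)
    for rec in records:
        sid = rec["session"]
        if rec["activity"] == "file_read" and any(w in rec["resource"].lower() for w in SENSITIVE):
            last_read[sid] = (rec["resource"], rec["when"])
        elif rec["disposition"] in EXTERNAL and sid in last_read:
            resource, when = last_read[sid]
            gap = int((rec["when"] - when).total_seconds())
            if gap <= WINDOW_SECONDS:
                findings.append((rec["user"], resource, rec["disposition"], gap))
    return findings

if __name__ == "__main__":
    print(read_then_send(parse(SAMPLE)[0]))
```

The skipped-line count is worth alerting on in its own right, since a rising number of unparseable records means the detection is running blind.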
DLP Integration
Cowork supports Data Loss Prevention integration via webhook-based policy enforcement. When Claude is about to output content, your DLP policy can be evaluated before the output is delivered. If the output contains flagged content (PII patterns, confidential terms, classification markers), the DLP policy can block, quarantine, or alert. Integration with Microsoft Purview DLP, Symantec DLP, and Forcepoint DLP is supported via the Cowork webhook framework.
Data Residency and Processing
Claude Enterprise processes data in Anthropic's infrastructure with US and EU processing region options. For data residency requirements, select your region during tenant setup. Anthropic signs Data Processing Agreements (DPAs) with Enterprise customers covering GDPR Article 28 requirements, data retention and deletion procedures, sub-processor disclosure, and incident notification obligations. Your legal team should review the Anthropic DPA before deployment in EU jurisdictions.
Enterprise Rollout Strategy: Phased Deployment for 500+ Users
Deploying Cowork to 500 knowledge workers isn't a single switch-flip. Organisations that deploy successfully treat it as a change management project, not a software rollout. Here's the phased approach we use with enterprise clients.
Phase 1: IT Foundation (Weeks 1-2)
Configure SSO and SCIM provisioning, establish connector governance policy, deploy to IT admin accounts for internal validation. Set up audit log export to your SIEM. Test Dispatch MDM configuration on managed devices. This phase produces a fully configured tenant before any business users are provisioned.
Phase 2: Champions Pilot (Weeks 3-5)
Identify 20-30 early adopter "champions" across the business teams you're targeting first. Provision them, run a 90-minute onboarding session (we provide the training materials), and give them 2 weeks of active use with a dedicated feedback channel. Collect usage data from the audit logs to understand what connectors and workflows they're actually using; this data shapes your full rollout configuration.
Phase 3: Phased Business Rollout (Weeks 6-12)
Roll out by department, starting with the highest-value use case teams identified in your strategy phase. Each departmental rollout includes a team-specific onboarding session, department-specific plugin configuration, and a 2-week supported adoption period before moving to the next department. Avoid a big-bang rollout: it overwhelms IT support, produces poor adoption data, and makes it impossible to attribute usage patterns to specific configurations.
Do not deploy Cowork without SSO configured: you will have a governance nightmare. Do not enable all connectors by default: start restricted and expand based on validated use cases. Do not skip the champions phase: it's the fastest way to identify the configuration issues that will affect 500 users before they affect 500 users. Do not conflate Cowork training with general AI training: Cowork has specific operational patterns that require hands-on instruction, not a slide deck.
Ongoing Administration and Support
After go-live, IT teams typically see three categories of ongoing Cowork administration work: user and licence management (provisioning new hires, deprovisioning leavers, managing seat consumption), connector and plugin maintenance (updating OAuth tokens as they expire, approving new plugin requests, updating custom connector configurations as target systems change), and incident response (investigating audit log anomalies, responding to data access queries, handling performance issues).
Plan for approximately 2-4 hours per week of Cowork-specific IT administration for a 500-user deployment. This is primarily reactive (responding to provisioning requests and connector issues) rather than proactive maintenance. The most common recurring issue is OAuth token expiry on connector integrations; building an alert for token expiry significantly reduces user-reported connector failures.
For organisations that want expert support on an ongoing basis, our Claude consulting retainer includes Cowork administration support, connector maintenance, and quarterly governance reviews. Most clients find that dedicated retainer support during the first 6 months significantly reduces IT overhead as the deployment matures.