Enforce network-level access control with Tenant Restrictions (original) (raw)

Tenant Restrictions enable IT administrators on Enterprise plans to enforce network-level access control for Claude. This feature ensures that users on corporate networks can only access approved organizational accounts, preventing unauthorized use of personal accounts.

How it works

When enabled, your network proxy injects an HTTP header into requests to Claude. Anthropic validates this header and blocks access from any organization not in the allowed list.

Supported authentication methods:

Header format

Example:

Configuration steps

1. Find your organization UUID

Members of Enterprise plans can find this in two different places:

2. Configure your network proxy

Configure your proxy to inject the header for Claude traffic:

3. Test your configuration

From restricted network, test with your org's API key:

Error response

When access is blocked, users receive the following error:

Supported proxy platforms

Use cases

Security benefits

Backward compatibility

Related Articles

Business Associate Agreements (BAA) for Commercial CustomersClaude Code FAQMicrosoft 365 connector security guideUse Claude for Microsoft 365 with third-party platformsMCP connectors