Who owns launch
A Primary Owner or Owner should be ready before domain, SSO, provisioning, and connector decisions start.
Enterprise launch path
Claude Enterprise setup guide
A durable guide to Claude Enterprise readiness, tenant ownership, domain verification, SSO, SCIM, governance, connector approvals, and rollout evidence.
What gets configured
Domain verification, SSO, JIT or SCIM, groups, roles, training, policy acknowledgments, and connector approval controls.
How BlueSky works
The control center guides routine steps and routes only blocked setup, security, procurement, and custom connector issues to BlueSky.
The Enterprise setup sequence
A clean Enterprise launch protects access first, then expands into training and governed workflows. The sequence matters because SSO, provisioning, groups, and connector approvals depend on earlier ownership and domain decisions.
Readiness and ownership
Confirm the Claude organization, Primary Owner, backup owner, billing contact, security reviewer, and target departments.
Identity and provisioning
Verify domains, configure SSO, choose JIT or SCIM, map groups, and test admin plus pilot user access before enforcement.
Governance and rollout
Publish acceptable-use rules, assign training, document evidence, approve connectors, and track workflow opportunities.
Where Enterprise differs from Team
Enterprise is the right path when user lifecycle control, custom roles, cross-department rollout, security review, and connector governance are central to the buyer's requirements.
SCIM and groups
Enterprise can support SCIM directory sync and richer group mapping so access follows the identity provider more closely.
Security review
Security teams usually need evidence for SSO, provisioning, connector authorization, policy acceptance, and training completion.
Expansion motion
Enterprise rollout is where repeated workflows become MCP connector candidates, custom connector projects, or Agentic OS pilots.
Implementation checklist
These are the decisions BlueSky wants settled before a rollout becomes harder than it needs to be.
- 1Confirm Claude Enterprise purchase status and Primary Owner access.
- 2Document backup owner, procurement owner, and security reviewer.
- 3Verify customer domain before SSO enforcement.
- 4Configure SSO and test with one admin and one pilot user.
- 5Choose JIT or SCIM provisioning based on lifecycle-control requirements.
- 6Map groups, roles, seat tiers, and rollout departments.
- 7Approve connector paths and capture evidence before broad launch.
Common questions
What should happen before enforcing SSO?
Domain verification should be complete, SSO should be tested, and at least one admin plus one pilot user should have a successful login path. A backup or break-glass owner should remain available.
When does Claude Enterprise need SCIM?
SCIM is useful when the customer wants automatic provisioning and deprovisioning from the identity provider instead of manual invite or login-triggered provisioning.
Does BlueSky need customer IdP credentials?
No. BlueSky's setup model is customer-controlled. Customers enter credentials, MFA, OAuth approvals, and secrets in their own Claude, identity-provider, and connector screens.
References and next steps
Official Claude documentation remains the source of truth for current plan capabilities and setup screens.