New Capability: Claude Enterprise Connector

We’re excited to announce the release of the Claude Enterprise (SaaS) Connector in Identity Security Cloud. The SailPoint Claude Enterprise connector streamlines identity and access management by aggregating organizational users, groups, and roles via Anthropic’s compliance API. It also enriches the platform’s capabilities by importing Managed Agents through a beta API to provide enhanced, pre-configured discovery using SailPoint’s Agent Identity Security.

Description

SailPoint now introduces a net new Claude Enterprise (SaaS) Connector in SailPoint Platform. This new SailPoint Claude Enterprise connector streamlines your workflow by syncing users, groups, and roles directly from Anthropic’s compliance API, while also integrating pre-configured Managed Agents to secure the Agents seamlessly using SailPoint’s Agent Identity Security.

The Compliance API helps Enterprise customers meet regulatory compliance requirements. The SailPoint Claude Enterprise connector provides visibility of all the Organization users, groups, group members, and roles.

The agent governance capability enables you to:

  • Establish human ownership and accountability for each agent.
  • Restrict agent access based on purpose, sensitivity, and real usage.
  • Gain visibility into agent permissions and associated risk.
  • Take action early - before risk turns into impact.

High-Level Capabilities

  • Manage All Organization Users as “Accounts”
  • Manage Groups and Roles as “Entitlements”
  • Managed Agents from beta APIs into Agent Identity Security.
    • Include Agents from a specific Workspace

Note: To aggregate Agents, SailPoint is using an available beta API endpoint, which might be subject to change in the future. SailPoint is aligned with Anthropic to accommodate future changes (if any).

Documentation

3 Likes

@dinesh_mishra Nice to see the Claude Enterprise connector being introduced and the Agent Identity Security integration capabilities look promising.

However, while reviewing the supported capabilities and after creating a source using the Claude connector, I noticed that provisioning related features/configurations do not appear to be available. Instead, I only see the manual work items related toggle for handling access changes manually.

Could you please help clarify why provisioning support is currently not available in this connector? From Anthropic’s documentation, it appears that SCIM API endpoints are supported for user provisioning and lifecycle management and I assumed the SailPoint connector should’ve supported the same.

Would be great to understand whether provisioning support is planned for a future release or if there are any technical/design considerations behind this?

Regards,
Arshad.

Hi, can you tell me if this connector will require any separate licensing for its use?

Hi @raibom, there is no separate license required for this connector if you are interested in compliance capabilities. It is part of the platform connectivity. Agent governance is part of the previous license with Agent Identity Security. Thanks!

Thank you, @Arshad! For your question on provisioning, there is no such provisioning-specific capability introduced by Anthropic as a part of the newly introduced Compliance API. There is a plan to support provisioning once Anthropic supports that as a part of the compliance API. There is a way to add or remove members or groups from your IDP using SCIM configuration, but I don’t think there is any native SCIM API available for users and groups. Can you please point me to the SCIM API that you are referring to so that we can investigate and reach out to Anthropic for the same. Thanks!

1 Like

Thanks for clarifying @dinesh_mishra

Below are the SCIM API references I was mentioning:

These documents outline the available SCIM APIs and support for the following operations:

  • Account aggregation (GET /Users)
  • Group aggregation (GET /Groups)
  • User creation (POST /Users)
  • User updates (PUT/PATCH /Users)
  • User disablement (PATCH active=false)
  • User deletion (DELETE /Users/{id})
  • Group membership management (PATCH /Groups/{id})

Please note these operations are supported through SCIM APIs and not Compliance API.

Given this, if these SCIM endpoints are fully supported, I would expect an out-of-the-box (OOTB) connector to leverage them directly for end-to-end provisioning (including aggregation and lifecycle management of users and groups).

Alternatively, what I understand is that a standard SCIM 2.0 connector could be used to achieve full integration covering both aggregation and provisioning, rather than relying on a read-only SaaS connector that does not provide provisioning capabilities. From that perspective, it would be helpful to understand what specific use case or problem this OOTB read-only connector is intended to solve, especially when SCIM-based integration already exists.