# Identity and Access Management

> Learn how to configure user authentication, authorization, and access controls for Claude Code in your organization.

## Authentication methods

Setting up Claude Code requires access to Anthropic models. For teams, you can set up Claude Code access in one of four ways:

* Claude API via the Claude Console
* Amazon Bedrock
* Microsoft Foundry
* Google Vertex AI

### Claude API authentication

**To set up Claude Code access for your team via Claude API:**

1. Use your existing Claude Console account or create a new Claude Console account
2. You can add users through either method below:
   * Bulk invite users from within the Console (Console -> Settings -> Members -> Invite)
   * [Set up SSO](https://support.claude.com/en/articles/10280258-setting-up-single-sign-on-on-the-api-console)
3. When inviting users, they need one of the following roles:
   * "Claude Code" role means users can only create Claude Code API keys; prefer it for users who only need Claude Code, since it cannot mint general-purpose keys
   * "Developer" role means users can create any kind of API key
4. Each invited user needs to complete these steps:
   * Accept the Console invite
   * [Check system requirements](/en/setup#system-requirements)
   * [Install Claude Code](/en/setup#installation)
   * Log in with Console account credentials

### Cloud provider authentication

**To set up Claude Code access for your team via Bedrock, Vertex AI, or Microsoft Foundry:**

1. Follow the [Bedrock docs](/en/amazon-bedrock), [Vertex docs](/en/google-vertex-ai), or [Microsoft Foundry docs](/en/microsoft-foundry)
2. Distribute the environment variables and instructions for generating cloud credentials to your users. Read more about how to [manage configuration here](/en/settings).
3. Users can [install Claude Code](/en/setup#installation)

## Access control and permissions

We support fine-grained permissions so that you're able to specify exactly what the agent is allowed to do (e.g. run tests, run linter) and what it is not allowed to do (e.g. update cloud infrastructure). These permission settings can be checked into version control and distributed to all developers in your organization, as well as customized by individual developers.

### Permission system

Claude Code uses a tiered permission system to balance power and safety:

| Tool Type         | Example              | Approval Required | "Yes, don't ask again" Behavior               |
| :---------------- | :------------------- | :---------------- | :-------------------------------------------- |
| Read-only         | File reads, LS, Grep | No                | N/A                                           |
| Bash Commands     | Shell execution      | Yes               | Permanently per project directory and command |
| File Modification | Edit/write files     | Yes               | Until session end                             |

### Configuring permissions

You can view & manage Claude Code's tool permissions with `/permissions`. This UI lists all permission rules and the settings.json file they are sourced from.

* **Allow** rules will allow Claude Code to use the specified tool without further manual approval.
* **Ask** rules will ask the user for confirmation whenever Claude Code tries to use the specified tool. Ask rules take precedence over allow rules.
* **Deny** rules will prevent Claude Code from using the specified tool. Deny rules take precedence over allow and ask rules.
* **Additional directories** extend Claude's file access to directories beyond the initial working directory.
* **Default mode** controls Claude's permission behavior when encountering new requests.

Permission rules use the format: `Tool` or `Tool(optional-specifier)`

A rule that is just the tool name matches any use of that tool. For example, adding `Bash` to the list of allow rules would allow Claude Code to use the Bash tool without requiring user approval, for every command, which is equivalent to switching the shell-execution prompt off entirely.

#### Permission modes

Claude Code supports several permission modes that can be set as the `defaultMode` in [settings files](/en/settings#settings-files):

| Mode                | Description                                                                  |
| :------------------ | :--------------------------------------------------------------------------- |
| `default`           | Standard behavior - prompts for permission on first use of each tool         |
| `acceptEdits`       | Automatically accepts file edit permissions for the session                  |
| `plan`              | Plan Mode - Claude can analyze but not modify files or execute commands      |
| `bypassPermissions` | Skips all permission prompts; use only in an isolated environment where an unreviewed command cannot reach credentials or production systems |

#### Working directories

By default, Claude has access to files in the directory where it was launched. You can extend this access:

* **During startup**: Use `--add-dir <path>` CLI argument
* **During session**: Use `/add-dir` slash command
* **Persistent configuration**: Add to `additionalDirectories` in [settings files](/en/settings#settings-files)

Files in additional directories follow the same permission rules as the original working directory - they become readable without prompts, and file editing permissions follow the current permission mode.

88#### Tool-specific permission rules
89
90Some tools support more fine-grained permission controls:
91
92**Bash**
93
94* `Bash(npm run build)` Matches the exact Bash command `npm run build`
95* `Bash(npm run test:*)` Matches Bash commands starting with `npm run test`
96* `Bash(curl http://site.com/:*)` Matches curl commands that start with exactly `curl http://site.com/`
97
98<Tip>
99 Claude Code is aware of shell operators (like `&&`) so a prefix match rule like `Bash(safe-cmd:*)` won't give it permission to run the command `safe-cmd && other-cmd`
100</Tip>
101
102<Warning>
103 Important limitations of Bash permission patterns:
104
105 1. This tool uses **prefix matches**, not regex or glob patterns
106 2. The wildcard `:*` only works at the end of a pattern to match any continuation
107 3. Patterns like `Bash(curl http://github.com/:*)` can be bypassed in many ways:
108 * Options before URL: `curl -X GET http://github.com/...` won't match
109 * Different protocol: `curl https://github.com/...` won't match
110 * Redirects: `curl -L http://bit.ly/xyz` (redirects to github)
111 * Variables: `URL=http://github.com && curl $URL` won't match
112 * Extra spaces: `curl http://github.com` won't match
113
114 For more reliable URL filtering, consider:
115
116 * Using the WebFetch tool with `WebFetch(domain:github.com)` permission
117 * Instructing Claude Code about your allowed curl patterns via CLAUDE.md
118 * Using hooks for custom permission validation
119</Warning>
120
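The rules above can be checked mechanically. What follows is an added example, not Claude Code's own code: a small Python model of the documented Bash semantics (exact match, or prefix match when the specifier ends in `:*`; deny over ask over allow; a chained command judged piece by piece; no matching rule means the default mode prompts) run against the curl variants listed in the warning. The rule strings and commands are constructed for illustration, and the operator splitting is deliberately naive and ignores quoting.

```python
"""Model of the Bash permission-rule semantics described on this page.

Added example, not Claude Code's own implementation. It encodes only what the
page states: a rule is Tool or Tool(specifier); a Bash specifier is an exact
match, or a prefix match when it ends in ':*'; deny beats ask beats allow; a
command with no matching rule falls through to the default mode, i.e. a
prompt; and a prefix rule does not cover a command that chains on to something
else with a shell operator. Rules and commands below are constructed.
"""
import re

# Unquoted operators that join separate commands. Splitting on them is
# deliberately naive (it ignores quoting); a real filter needs a shell-aware
# parser, which is why the warning above points at hooks.
OPERATORS = re.compile(r"\s*(?:&&|\|\||;|\|)\s*")


def parse_rule(rule):
    """'Bash(npm run test:*)' -> ('Bash', 'npm run test:*'); 'Bash' -> ('Bash', None)."""
    m = re.fullmatch(r"([A-Za-z_]\w*)(?:\((.*)\))?", rule, re.DOTALL)
    if not m:
        raise ValueError(f"malformed permission rule: {rule!r}")
    return m.group(1), m.group(2)


def bash_spec_matches(spec, command):
    """Apply one Bash specifier to one simple (already split) command."""
    if spec is None:                        # bare 'Bash' covers every command
        return True
    if spec.endswith(":*"):                 # ':*' is only meaningful at the end
        return command.startswith(spec[:-2])
    return command == spec                  # otherwise the match is exact


def any_bash_rule_matches(rules, command):
    return any(tool == "Bash" and bash_spec_matches(spec, command)
               for tool, spec in map(parse_rule, rules))


def split_compound(command):
    """'safe-cmd && other-cmd' -> ['safe-cmd', 'other-cmd']."""
    return [part for part in OPERATORS.split(command.strip()) if part]


def decide(command, allow=(), ask=(), deny=()):
    """Return 'deny', 'ask' or 'allow' for a Bash command under the given rules.

    Each simple command in a chain is judged on its own and the strictest
    verdict wins, so an allow rule never covers all of 'ok-cmd && anything'.
    """
    parts = split_compound(command)
    if not parts:
        return "ask"
    verdicts = []
    for part in parts:
        if any_bash_rule_matches(deny, part):
            return "deny"                   # deny wins outright
        if any_bash_rule_matches(ask, part) or not any_bash_rule_matches(allow, part):
            verdicts.append("ask")          # ask beats allow; unmatched means prompt
        else:
            verdicts.append("allow")
    return "ask" if "ask" in verdicts else "allow"


CURL_DENY = ["Bash(curl http://github.com/:*)"]

# The variants from the warning above. Each one reaches GitHub (or, via the
# redirect, anywhere) without starting with the denied prefix.
BYPASS_VARIANTS = [
    "curl -X GET http://github.com/",        # options before the URL
    "curl https://github.com/",              # different protocol
    "curl -L http://bit.ly/xyz",             # redirect
    "URL=http://github.com && curl $URL",    # variable
    "curl  http://github.com",               # extra space
]


def evaded(deny_rules, commands):
    """Commands that the deny rules fail to block."""
    return [c for c in commands if decide(c, deny=deny_rules) != "deny"]


if __name__ == "__main__":
    print(decide("npm run test:unit", allow=["Bash(npm run test:*)"]))          # allow
    print(decide("safe-cmd && other-cmd", allow=["Bash(safe-cmd:*)"]))         # ask
    print(decide("git push origin main", allow=["Bash(git:*)"],
                 deny=["Bash(git push:*)"]))                                     # deny
    print(decide("curl http://github.com/", deny=CURL_DENY))                    # deny
    print(evaded(CURL_DENY, BYPASS_VARIANTS))                                    # all five
```

Running it prints `allow`, `ask`, `deny`, `deny` and then all five variants, i.e. every one of them slips past the deny rule. Note what "slips past" means here: in the model, as in the documentation, a command with no matching rule is prompted for rather than refused, so a missed deny rule becomes a prompt a user can approve, not a block.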
**Read & Edit**

`Edit` rules apply to all built-in tools that edit files. Claude will make a best-effort attempt to apply `Read` rules to all built-in tools that read files like Grep, Glob, and LS.

Read & Edit rules both follow the [gitignore](https://git-scm.com/docs/gitignore) specification with four distinct pattern types:

| Pattern            | Meaning                                | Example                          | Matches                            |
| ------------------ | -------------------------------------- | -------------------------------- | ---------------------------------- |
| `//path`           | **Absolute** path from filesystem root | `Read(//Users/alice/secrets/**)` | `/Users/alice/secrets/**`          |
| `~/path`           | Path from **home** directory           | `Read(~/Documents/*.pdf)`        | `/Users/alice/Documents/*.pdf`     |
| `/path`            | Path **relative to settings file**     | `Edit(/src/**/*.ts)`             | `<settings file path>/src/**/*.ts` |
| `path` or `./path` | Path **relative to current directory** | `Read(*.env)`                    | `<cwd>/*.env`                      |

<Warning>
  A pattern like `/Users/alice/file` is NOT an absolute path - it's relative to your settings file! Use `//Users/alice/file` for absolute paths.
</Warning>

* `Edit(/docs/**)` - Edits in `<project>/docs/` (NOT `/docs/`!)
* `Read(~/.zshrc)` - Reads your home directory's `.zshrc`
* `Edit(//tmp/scratch.txt)` - Edits the absolute path `/tmp/scratch.txt`
* `Read(src/**)` - Reads from `<current-directory>/src/`

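To see what a Read/Edit rule actually points at, and to catch the single-slash mistake the warning describes before it ships in a settings file, here is an added example (not Claude Code's own resolver). It applies the four pattern types from the table and lints a rule list for paths that were probably meant to be absolute. It assumes that the `/path` form is relative to the directory that holds the settings file's `.claude` folder (the project root for `.claude/settings.json`), as the `Edit(/docs/**)` example implies; the settings root, working directory and home directory below are constructed.

```python
"""Resolve Read/Edit rule paths as the table above describes, and flag the
single-slash mistake the warning describes.

Added example, not Claude Code's own resolver. It assumes the '/path' form is
relative to the directory holding the settings file's .claude folder (the
project root for .claude/settings.json), as the Edit(/docs/**) example
implies; the settings root, working directory and home below are constructed.
"""
import re
from pathlib import PurePosixPath

RULE = re.compile(r"(Read|Edit)\((.*)\)")

# Top-level directories that almost never exist under a project root; a
# single-slash rule starting with one of them was probably meant to be absolute.
SUSPICIOUS_ROOTS = {"Users", "home", "tmp", "etc", "var", "opt", "root"}


def resolve_path_rule(rule, settings_root, cwd, home):
    """Return (tool, absolute glob) for one Read/Edit rule."""
    m = RULE.fullmatch(rule)
    if not m:
        raise ValueError(f"not a Read/Edit rule: {rule!r}")
    tool, spec = m.groups()
    if spec.startswith("//"):                          # absolute from filesystem root
        resolved = PurePosixPath("/" + spec[2:])
    elif spec == "~" or spec.startswith("~/"):         # relative to home
        resolved = PurePosixPath(home) / spec[2:]
    elif spec.startswith("/"):                         # relative to the settings root
        resolved = PurePosixPath(settings_root) / spec[1:]
    else:                                              # relative to the working directory
        resolved = PurePosixPath(cwd) / (spec[2:] if spec.startswith("./") else spec)
    return tool, str(resolved)


def lint_path_rules(rules):
    """Findings for rules that look like absolute paths but are not."""
    findings = []
    for rule in rules:
        m = RULE.fullmatch(rule)
        if not m:
            continue
        spec = m.group(2)
        if spec.startswith("/") and not spec.startswith("//"):
            first = spec.split("/")[1]
            if first in SUSPICIOUS_ROOTS:
                findings.append(
                    f"{rule}: '/{first}/...' is relative to the settings root; "
                    f"use '//{spec[1:]}' for an absolute path")
    return findings


if __name__ == "__main__":
    ctx = dict(settings_root="/srv/proj", cwd="/srv/proj/pkg", home="/home/alice")
    for rule in ["Edit(/docs/**)", "Read(~/.zshrc)", "Edit(//tmp/scratch.txt)",
                 "Read(src/**)", "Read(/Users/alice/file)"]:
        print(rule, "->", resolve_path_rule(rule, **ctx)[1])
    print(lint_path_rules(["Read(/Users/alice/file)", "Read(//Users/alice/file)"]))
```

The last line of the demo resolves `Read(/Users/alice/file)` to `/srv/proj/Users/alice/file`, a path that does not exist, which is the silent failure the warning is about: the rule does nothing, rather than protecting or exposing the file the author had in mind.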
**WebFetch**

* `WebFetch(domain:example.com)` Matches fetch requests to example.com

**MCP**

* `mcp__puppeteer` Matches any tool provided by the `puppeteer` server (name configured in Claude Code)
* `mcp__puppeteer__puppeteer_navigate` Matches the `puppeteer_navigate` tool provided by the `puppeteer` server

<Warning>
  Unlike other permission types, MCP permissions do NOT support wildcards (`*`).

  To approve all tools from an MCP server:

  * ✅ Use: `mcp__github` (approves ALL GitHub tools)
  * ❌ Don't use: `mcp__github__*` (wildcards are not supported)

  To approve specific tools only, list each one:

  * ✅ Use: `mcp__github__get_issue`
  * ✅ Use: `mcp__github__list_issues`
</Warning>

### Additional permission control with hooks

[Claude Code hooks](/en/hooks-guide) provide a way to register custom shell commands to perform permission evaluation at runtime. When Claude Code makes a tool call, PreToolUse hooks run before the permission system runs, and the hook output can determine whether to approve or deny the tool call in place of the permission system.

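As an added example of the "hooks for custom permission validation" route recommended in the Bash warning above (not Claude Code's own code): a PreToolUse hook that tokenizes the command the way a POSIX shell would and allows `curl` only when every URL has an explicit scheme and an allowlisted host, with no shell expansion, command chaining, redirect-following or proxy options in play. The hook's input and output shape is assumed from the hooks guide; the allowlist, the option tables and the `/opt/claude/curl_guard.py` path are placeholders for this example.

```python
"""PreToolUse hook that allowlists curl destinations by parsing the command.

Added example, not Claude Code's own code. It assumes the hook contract from the
hooks guide: a JSON object on stdin carrying tool_name and tool_input, and a JSON
object on stdout whose hookSpecificOutput.permissionDecision is "allow", "deny"
or "ask" (printing nothing defers to the normal permission rules). The allowlist
and option tables are this example's own. Register it in a settings file as
  "hooks": {"PreToolUse": [{"matcher": "Bash", "hooks": [
      {"type": "command", "command": "python3 /opt/claude/curl_guard.py"}]}]}
"""
import json, shlex, sys
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"github.com", "api.github.com"}             # assumed allowlist
PUNCT = "();<>|&"                                             # shlex's punctuation set
# Options whose next token is a value, so it must not be mistaken for a URL.
VALUE_OPTIONS = {"-X", "--request", "-H", "--header", "-d", "--data", "--data-raw",
                 "--data-binary", "-o", "--output", "-A", "--user-agent", "-u", "--user"}
# Options that let curl talk to a host other than the one written in the URL.
DENIED_OPTIONS = {"-L", "--location", "--location-trusted", "-K", "--config",
                  "-x", "--proxy", "--resolve", "--connect-to"}


def tokenize(command):
    """POSIX-style split: a quoted '&' stays in its word, unquoted operators become tokens."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    lexer.commenters = ""            # '#' mid-word is literal in a real shell
    return list(lexer)


def split_commands(tokens):
    """Break the token list into simple commands at operator tokens."""
    segments, current = [], []
    for tok in tokens:
        if tok and all(c in PUNCT for c in tok):
            segments.append(current)
            current = []
        else:
            current.append(tok)
    segments.append(current)
    return [s for s in segments if s]


def check_curl(command):
    """Return (decision, reason); decision None means 'no opinion'."""
    try:
        tokens = tokenize(command)
    except ValueError as exc:        # e.g. an unterminated quote
        return "deny", f"could not parse command: {exc}"
    segments = split_commands(tokens)
    curl_segments = [s for s in segments if s[0] == "curl"]
    if not curl_segments:
        if any("curl" in t for t in tokens):
            return "ask", "curl invoked indirectly (sh -c, xargs, a path); review manually"
        return None, ""
    if len(segments) > 1:
        return "deny", "curl inside a compound command; run it on its own"
    argv = curl_segments[0]
    if any("$" in t or "`" in t for t in argv):
        return "deny", "shell expansion hides the real destination"
    urls, i = [], 1
    while i < len(argv):
        tok = argv[i]
        short_cluster = tok.startswith("-") and not tok.startswith("--")
        if tok in DENIED_OPTIONS or (short_cluster and set(tok[1:]) & set("LKx")):
            return "deny", f"option {tok} can send curl somewhere other than the literal URL"
        if tok in VALUE_OPTIONS:
            i += 1                   # skip the option's argument
        elif "://" in tok:
            urls.append(tok)         # also picks up the value after --url
        elif not tok.startswith("-"):
            return "deny", f"positional argument {tok!r} is not a URL with an explicit scheme"
        i += 1
    if not urls:
        return "deny", "no URL found"
    hosts = set()
    for url in urls:
        parts = urlsplit(url)        # 'http://github.com@evil' resolves to host evil
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return "deny", f"unsupported URL {url!r}"
        if parts.hostname not in ALLOWED_HOSTS:
            return "deny", f"host {parts.hostname!r} is not in the allowlist"
        hosts.add(parts.hostname)
    return "allow", "curl to " + ", ".join(sorted(hosts))


def main():
    payload = json.load(sys.stdin)
    if payload.get("tool_name") != "Bash":
        return
    decision, reason = check_curl(payload.get("tool_input", {}).get("command", ""))
    if decision is None:
        return                       # fall through to the permission rules
    print(json.dumps({"hookSpecificOutput": {"hookEventName": "PreToolUse",
                      "permissionDecision": decision, "permissionDecisionReason": reason}}))


if __name__ == "__main__":
    main()
```

Every variant from the Bash warning is handled by structure rather than by string prefix: `-X GET` before the URL and `https://` are simply parsed, `-L` and `-sL` are refused because a redirect can leave the allowlisted host, `$URL` is refused as unresolvable, and a second space changes nothing. Two caveats. The hook only sees what the Bash tool is about to run, so it says nothing about `wget`, `python -c`, or a script already on disk; pair it with deny rules or network egress filtering rather than treating it as the only control. And indirect invocations (`sh -c '...'`, `xargs curl`) come back as `ask` so a human sees them instead of the hook silently allowing or blocking what it cannot parse.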
### Enterprise managed policy settings

For enterprise deployments of Claude Code, we support enterprise managed policy settings that take precedence over user and project settings. This allows system administrators to enforce security policies that users cannot override.

System administrators can deploy policies to:

* macOS: `/Library/Application Support/ClaudeCode/managed-settings.json`
* Linux and WSL: `/etc/claude-code/managed-settings.json`
* Windows: `C:\ProgramData\ClaudeCode\managed-settings.json`

These policy files follow the same format as regular [settings files](/en/settings#settings-files) but cannot be overridden by user or project settings. This ensures consistent security policies across your organization.

### Settings precedence

When multiple settings sources exist, they are applied in the following order (highest to lowest precedence):

1. Enterprise policies
2. Command line arguments
3. Local project settings (`.claude/settings.local.json`)
4. Shared project settings (`.claude/settings.json`)
5. User settings (`~/.claude/settings.json`)

This hierarchy ensures that organizational policies are always enforced while still allowing flexibility at the project and user levels where appropriate.

## Credential management

Claude Code securely manages your authentication credentials:

* **Storage location**: On macOS, API keys, OAuth tokens, and other credentials are stored in the encrypted macOS Keychain.
* **Supported authentication types**: Claude.ai credentials, Claude API credentials, Azure Auth, Bedrock Auth, and Vertex Auth.
* **Custom credential scripts**: The [`apiKeyHelper`](/en/settings#available-settings) setting can be configured to run a shell script that returns an API key.
* **Refresh intervals**: By default, `apiKeyHelper` is re-run after 5 minutes or on an HTTP 401 response. Set the `CLAUDE_CODE_API_KEY_HELPER_TTL_MS` environment variable for a custom refresh interval.
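
As an added example of an `apiKeyHelper` (not Anthropic's code): a helper that reads the key from a file only if that file is a regular, non-symlinked file owned by the current user with no group or world permissions, writes the key alone to stdout, and sends every diagnostic to stderr so the key never ends up in an error message. The key-file location is this example's assumption.

```python
"""apiKeyHelper that hands Claude Code an API key from a private file.

Added example, not Anthropic's code. Claude Code runs the configured helper and
uses what it prints on stdout as the API key; the key-file location and the
ownership, symlink and mode checks are this example's own policy. Point the
setting at it, e.g. "apiKeyHelper": "python3 /opt/claude/key_helper.py".
"""
import os
import stat
import sys

KEY_FILE = os.path.expanduser("~/.config/claude-code/api_key")   # assumed location


def load_api_key(path):
    """Return the key, refusing files another user could read or swap out."""
    st = os.lstat(path)                                  # lstat: do not follow symlinks
    if stat.S_ISLNK(st.st_mode):
        raise PermissionError(f"{path}: refusing to follow a symlink")
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError(f"{path}: not a regular file")
    if st.st_uid != os.getuid():
        raise PermissionError(f"{path}: not owned by the current user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path}: mode must be 0600, found {stat.S_IMODE(st.st_mode):04o}")
    with open(path, encoding="utf-8") as fh:
        key = fh.read().strip()
    if not key:
        raise ValueError(f"{path}: empty key file")
    return key


def main():
    try:
        key = load_api_key(KEY_FILE)
    except (OSError, ValueError) as exc:
        print(f"apiKeyHelper: {exc}", file=sys.stderr)  # diagnostics only; never the key
        return 1
    sys.stdout.write(key)                                # stdout carries the key alone
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

The same shape applies if the helper fetches from a secrets manager instead of a file: stdout is the key and nothing else, failures go to stderr with a non-zero exit. Because the helper is re-run every 5 minutes by default, keep it fast, and if the backend issues short-lived tokens, raise or lower `CLAUDE_CODE_API_KEY_HELPER_TTL_MS` to match their lifetime rather than caching inside the script.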