The Navigator · 11 min mission

Claude Code for Teams & Enterprise

Deploy and govern Claude Code across an org — the policy stack, Bedrock/Vertex, analytics, and security controls.

Tags: claude-code, enterprise, teams, governance, managed-settings, bedrock, vertex-ai, security

Fact-checked 2026-06-15

This guide configures Claude Code for an organization: where settings are enforced, how to push policy to a fleet, how to route inference to Amazon Bedrock or Google Vertex AI, and how to read usage back out. After working through it you can deploy a managed-settings.json that a developer cannot override, pin model versions across a rollout, and confirm what each client resolved with /status.

Settings precedence

Claude Code merges settings from several scopes in a fixed priority order, highest to lowest. A higher scope wins for most keys, and managed settings cannot be overridden by any lower level, including command-line arguments.

| Priority | Scope | Location | Controlled by |
|---|---|---|---|
| 1 (highest) | Managed | System path (OS table below) | IT / DevOps via MDM |
| 2 | CLI args | Flags on the claude invocation | Developer, per session |
| 3 | Local project | .claude/settings.local.json (gitignored) | Developer, this repo |
| 4 | Shared project | .claude/settings.json (committed) | Team, via git |
| 5 (lowest) | User | ~/.claude/settings.json | Developer, all repos |

Settings precedence, highest to lowest. Managed sits above CLI flags.

Endpoint-managed settings: file paths

Endpoint-managed (file/MDM) settings are read from a fixed system path per OS, protected by the OS so the user running Claude cannot edit them. Each OS also reads a managed-settings.d/ drop-in directory beside the base file.

| OS | managed-settings.json path | Drop-in directory |
|---|---|---|
| macOS | /Library/Application Support/ClaudeCode/managed-settings.json | /Library/Application Support/ClaudeCode/managed-settings.d/ |
| Linux / WSL | /etc/claude-code/managed-settings.json | /etc/claude-code/managed-settings.d/ |
| Windows | C:\Program Files\ClaudeCode\managed-settings.json | C:\Program Files\ClaudeCode\managed-settings.d\ |

managed-settings.json locations, current as of 2026-06-15.

| Channel | Target | Notes |
|---|---|---|
| macOS managed prefs | com.anthropic.claudecode | Jamf / Kandji etc.; nested settings → plist dicts, arrays → plist arrays |
| Windows registry (admin) | HKLM\SOFTWARE\Policies\ClaudeCode | Value Settings (REG_SZ/REG_EXPAND_SZ) holding JSON; GPO or Intune |
| Windows registry (user) | HKCU\SOFTWARE\Policies\ClaudeCode | Lowest-priority policy source; used only when no admin source exists |

OS-native policy delivery as an alternative to the file (usual fleet path).

managed-settings.d/ merge order

The base managed-settings.json loads first, then every *.json in the drop-in directory is sorted alphabetically and merged on top: scalars override (later wins), arrays concatenate and de-duplicate, objects deep-merge, hidden dotfiles are ignored. Numeric prefixes like 10-telemetry.json and 20-security.json let separate teams ship independent fragments in a deliberate order.
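
To preview what a set of fragments resolves to before pushing it to a fleet, the merge rules above can be reproduced offline. This is an added example, not Claude Code's own implementation; the sample file contents, the 10-region.json fragment name, and the handling of a type mismatch between files are assumptions.

```python
import json
import tempfile
from pathlib import Path

def deep_merge(base, overlay):
    """Objects deep-merge, arrays concatenate and de-duplicate, scalars: later wins."""
    if isinstance(base, dict) and isinstance(overlay, dict):
        merged = dict(base)
        for key, value in overlay.items():
            merged[key] = deep_merge(base[key], value) if key in base else value
        return merged
    if isinstance(base, list) and isinstance(overlay, list):
        merged = list(base)
        for item in overlay:
            if item not in merged:
                merged.append(item)
        return merged
    return overlay  # scalar, or a type mismatch (assumption: later file wins)

def effective_managed_settings(config_dir):
    """Return (merged settings, file names in the order they were applied)."""
    root = Path(config_dir)
    merged = json.loads((root / "managed-settings.json").read_text())
    applied = ["managed-settings.json"]
    dropin = root / "managed-settings.d"
    fragments = [p for p in dropin.glob("*.json") if not p.name.startswith(".")]
    for path in sorted(fragments, key=lambda p: p.name):
        merged = deep_merge(merged, json.loads(path.read_text()))
        applied.append(path.name)
    return merged, applied

# Constructed sample tree: a base file, two team fragments and one hidden file.
SAMPLE = {
    "managed-settings.json": {"permissions": {"deny": ["Read(./.env)"]},
                              "env": {"AWS_REGION": "us-east-1"}},
    "managed-settings.d/20-security.json": {"permissions": {
        "deny": ["Read(./.env)", "Bash(curl:*)"], "disableBypassPermissionsMode": "disable"}},
    "managed-settings.d/10-region.json": {"env": {"AWS_REGION": "us-west-2"}},
    "managed-settings.d/.draft.json": {"env": {"AWS_REGION": "eu-west-1"}},
}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "managed-settings.d").mkdir()
        for rel, content in SAMPLE.items():
            (Path(tmp) / rel).write_text(json.dumps(content))
        return effective_managed_settings(tmp)

if __name__ == "__main__":
    print(demo())
```
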

Two ways to enforce the top of the stack

Endpoint-managed (file / MDM)

A managed-settings.json on disk, pushed by MDM or registry.

Strongest — the OS protects the file, so it holds even if the user edits their own env or config. Required for OS-only keys like policyHelper and wslInheritsWindowsSettings. Needs device management to deploy at scale.

Server-managed (admin console)

Set in Claude.ai under Admin Settings → Claude Code → Managed settings (Primary Owner / Owner only); clients fetch it when users authenticate with org credentials.

No MDM, no file on disk. For unmanaged / BYO devices. Teams + Enterprise only; needs v2.1.38+ (Teams) or v2.1.30+ (Enterprise) and network access to api.anthropic.com.

Route inference to Bedrock or Vertex

Provider selection is set through environment variables. On a fleet, ship them through the managed-settings env block so they apply uniformly and a developer cannot unset them. One enable flag per provider; the rest sets region, project, and which model the opus/sonnet/haiku aliases resolve to.

Enable Amazon Bedrock

  1. Set the enable flag and region

    Export CLAUDE_CODE_USE_BEDROCK=1 and a region. As of v2.1.172 the region resolves in this order: AWS_REGION → AWS_DEFAULT_REGION → active AWS profile region → fallback us-east-1. On v2.1.171 and earlier Claude Code does not read AWS config files, so set AWS_REGION explicitly.

  2. Provide credentials

    Use the standard AWS SDK chain: aws configure, env access keys, SSO (aws sso login --profile), or a Bedrock API key in AWS_BEARER_TOKEN_BEDROCK. The IAM principal needs bedrock:InvokeModel, bedrock:InvokeModelWithResponseStream, bedrock:ListInferenceProfiles, bedrock:GetInferenceProfile, plus aws-marketplace:ViewSubscriptions/Subscribe for first-time model access.

  3. Run the wizard or re-run setup

    Run claude → 3rd-party platform → Amazon Bedrock (re-runnable with /setup-bedrock); it writes the result into the env block of your user settings.

  4. Pin model versions

    Set ANTHROPIC_DEFAULT_OPUS_MODEL / SONNET / HAIKU to cross-region inference-profile IDs (us. prefix, us-gov. in GovCloud) before rolling out. Run /status to confirm what resolved.

Bedrock: enable, region, and pinned model IDs (cross-region inference profiles)
```bash
export CLAUDE_CODE_USE_BEDROCK=1
export AWS_REGION=us-east-1   # optional if your AWS profile already sets one

# Pin model versions for a multi-user rollout — use the us. inference-profile prefix
# (us-gov. in GovCloud). Without these, 'opus' resolves to Opus 4.6 on Bedrock.
export ANTHROPIC_DEFAULT_OPUS_MODEL='us.anthropic.claude-opus-4-8'
export ANTHROPIC_DEFAULT_SONNET_MODEL='us.anthropic.claude-sonnet-4-6'
export ANTHROPIC_DEFAULT_HAIKU_MODEL='us.anthropic.claude-haiku-4-5-20251001-v1:0'
```

Enable Google Vertex AI

  1. Set enable flag, region, and project

    Export CLAUDE_CODE_USE_VERTEX=1, a region in CLOUD_ML_REGION (global, a multi-region like eu/us, or a specific region like us-east5), and ANTHROPIC_VERTEX_PROJECT_ID. The sign-in wizard requires v2.1.98+ (/setup-vertex to re-run).

  2. Mind the project-ID precedence

    GOOGLE_APPLICATION_CREDENTIALS, then GOOGLE_CLOUD_PROJECT/GCLOUD_PROJECT, take precedence over ANTHROPIC_VERTEX_PROJECT_ID.

  3. Authenticate and enable the API

    Uses GCP Application Default Credentials; gcpAuthRefresh can run gcloud auth application-default login for you (3-minute timeout). Enable the API with gcloud services enable aiplatform.googleapis.com and request model access in the Vertex AI Model Garden (approval can take 24–48h). IAM role: roles/aiplatform.user (needs aiplatform.endpoints.predict).

  4. Pin model versions

    Set the ANTHROPIC_DEFAULT_*_MODEL vars before rollout; unpinned opus resolves to Opus 4.6 on Vertex.

Vertex AI: enable, region, project, and pinned model IDs
```bash
export CLAUDE_CODE_USE_VERTEX=1
export CLOUD_ML_REGION=global                 # or a multi-region (eu, us) or region (us-east5)
export ANTHROPIC_VERTEX_PROJECT_ID=YOUR-PROJECT-ID

# With CLOUD_ML_REGION=global, override per-model regions for models lacking a
# global endpoint, e.g.:
export VERTEX_REGION_CLAUDE_HAIKU_4_5=us-east5

# Pin versions — without these, 'opus' resolves to Opus 4.6 on Vertex.
export ANTHROPIC_DEFAULT_OPUS_MODEL='claude-opus-4-8'
export ANTHROPIC_DEFAULT_SONNET_MODEL='claude-sonnet-4-6'
export ANTHROPIC_DEFAULT_HAIKU_MODEL='claude-haiku-4-5@20251001'
```
After deploying provider env vars, /status confirms what each client resolved — provider, region, and the model behind each alias.

Usage analytics

Three mechanisms expose Claude Code usage; pick by what you need.

| Mechanism | How you get it | Key scope limit |
|---|---|---|
| Dashboard | In Claude / Console (Team & Enterprise); announced 2025-08-20 | Basic relative to the API; not for per-user export |
| Analytics Admin API | GET /v1/organizations/usage_report/claude_code with an sk-ant-admin… key | Tracks the Claude API path only; excludes Bedrock / Vertex / Foundry |
| OpenTelemetry | CLAUDE_CODE_ENABLE_TELEMETRY=1 + OTEL_* exporters | You run the collector; privacy gates default off |

Three analytics mechanisms and their scope limits.

Analytics Admin API

GET https://api.anthropic.com/v1/organizations/usage_report/claude_code, authenticated with an Admin API key (sk-ant-admin…, provisioned only by org admins in the Console) sent as x-api-key with anthropic-version: 2023-06-01. Free to any org with Admin API access; not available for individual accounts. Data is daily-aggregated — one record per user per day, UTC, ~1-hour freshness delay. starting_at=YYYY-MM-DD is required; limit defaults to 20 (max 1000); page is an opaque cursor.

Each record carries num_sessions, lines_of_code.added/removed, commits_by_claude_code, pull_requests_by_claude_code, per-tool accept/reject counts (edit_tool, multi_edit_tool, write_tool, notebook_edit_tool; acceptance rate = accepted ÷ (accepted + rejected)), and a per-model breakdown of tokens and estimated_cost.amount in cents USD. It reports the Claude API path only — Bedrock, Vertex, and Foundry are excluded (use the cloud provider's billing plus OpenTelemetry). Claude Enterprise (claude.ai) activity is reported through a separate Claude Enterprise Analytics API that uses an Analytics key, not an Admin key.
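
The report is paginated and per-day, so a per-user view means walking the cursor and aggregating. The sketch below is an added example, not Anthropic's client code: it follows the `page` cursor and computes the acceptance rate and cost described above from constructed records. The response wrapper (`data`, `has_more`, `next_page`) and the nesting of fields inside a record (`actor.email_address`, `tool_actions`, `model_breakdown`) are assumptions; the transport is injected so the block runs offline.

```python
from collections import defaultdict

def fetch_all(get_page, starting_at, limit=1000):
    """Follow the opaque `page` cursor until the response reports no more data."""
    params, records = {"starting_at": starting_at, "limit": limit}, []
    while True:
        body = get_page(params)
        records.extend(body["data"])
        if not body.get("has_more"):
            return records
        params = {**params, "page": body["next_page"]}

def summarize(records):
    """Per-user acceptance rate (None if nothing was proposed) and cost in USD."""
    totals = defaultdict(lambda: {"accepted": 0, "rejected": 0, "cents": 0})
    for rec in records:
        user = totals[rec["actor"]["email_address"]]
        for counts in rec["tool_actions"].values():
            user["accepted"] += counts["accepted"]
            user["rejected"] += counts["rejected"]
        user["cents"] += sum(m["estimated_cost"]["amount"] for m in rec["model_breakdown"])
    report = {}
    for email, t in totals.items():
        decided = t["accepted"] + t["rejected"]
        report[email] = {"acceptance_rate": t["accepted"] / decided if decided else None,
                         "cost_usd": t["cents"] / 100}  # amount is in cents
    return report

def _rec(email, tools, cents):
    return {"actor": {"email_address": email}, "tool_actions": tools,
            "model_breakdown": [{"estimated_cost": {"amount": cents}}]}

# Constructed two-page response; the field nesting is an assumption.
PAGES = {
    None: {"data": [_rec("dev-a@example.com", {"edit_tool": {"accepted": 6, "rejected": 2},
                                                "write_tool": {"accepted": 2, "rejected": 1}}, 250),
                    _rec("dev-b@example.com", {}, 120)],
           "has_more": True, "next_page": "cursor-2"},
    "cursor-2": {"data": [_rec("dev-a@example.com",
                               {"multi_edit_tool": {"accepted": 1, "rejected": 0}}, 50)],
                 "has_more": False, "next_page": None},
}

def fake_get_page(params):
    """Stands in for the HTTPS GET (x-api-key and anthropic-version headers)."""
    return PAGES[params.get("page")]

if __name__ == "__main__":
    print(summarize(fetch_all(fake_get_page, "2026-06-01")))
```
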

Build a managed policy

Enterprise policy builder

Assemble a Claude Code policy — permission deny / ask / allow rules, a default model and mode, env vars, and managed-policy lockdowns. The settings.json on the right rewrites itself as you click, and the note tells you exactly which settings layer it belongs in.

Settings layer

Where this file ships. Managed (enterprise) settings sit at the top of the stack and cannot be overridden by project or user settings.

Permission rules

Each rule lands in permissions.deny / ask / allow. Precedence runs deny → ask → allow: a deny always wins.

deny: Read(./.env)
deny: Bash(curl:*)
ask: Bash(git push:*)
allow: Bash(npm run test:*)

An allow rule runs with no prompt once it matches.

Default model

permissions and model are independent — pin a model org-wide, or leave it on the account default.

Omit the key — let the org default apply.

Default permission mode

permissions.defaultMode sets how freely Claude acts before asking. Omitted when left on default.

Prompt on first use of each tool.

Lockdowns

The guardrails an admin reaches for. Managed-only keys are ignored outside the managed layer.

Environment variables

env applies to every session and spawned subprocess — e.g. pin a region or disable telemetry org-wide.

Policy: managed-settings.json

```json
{
  "$schema": "https://json.schemastore.org/claude-code-settings.json",
  "permissions": {
    "deny": [
      "Read(./.env)",
      "Bash(curl:*)"
    ],
    "ask": [
      "Bash(git push:*)"
    ],
    "allow": [
      "Bash(npm run test:*)"
    ],
    "disableBypassPermissionsMode": "disable"
  }
}
```
Pick permission rules, allowed tools, a default model, and lockdown toggles — and copy the managed settings.json that enforces them.

Governance controls

Some keys are managed-only — they take effect only when read from the managed scope and are ignored in user or project settings.

| Key | Effect |
|---|---|
| allowManagedPermissionRulesOnly | Only managed allow/ask/deny rules apply; the user’s own rules are dropped |
| allowManagedMcpServersOnly | Only managed allowedMcpServers are respected (a managed deniedMcpServers still merges from all sources) |
| allowManagedHooksOnly | Only managed, SDK, or force-enabled-plugin hooks load |
| forceLoginOrgUUID / forceLoginMethod | Pin the Anthropic org and method ("claudeai" or "console") users may sign in with |
| requiredMinimumVersion / requiredMaximumVersion | Block startup outside a version range |
| permissions.disableBypassPermissionsMode: "disable" | Disable bypassPermissions mode org-wide (effective from any scope, strongest from managed) |
| permissions.disableAutoMode: "disable" | Disable the research-preview auto mode |

Managed-only governance keys and what they enforce.

See deny → ask → allow resolve across scopes

Permission simulator

Pick an action and a permission mode. The engine runs the same deny → ask → allow precedence Claude Code uses and reveals the verdict — with the one rule that fired.

Action

What is Claude about to do?

Permission mode

How freely is Claude allowed to act?

Sample permission check: action Edit config.ts, mode = default (defaultMode).

Verdict: ASK. Pauses for your approval. Editing a file is a modification, so default mode prompts you to approve it first.

Rule that fired: ask · Edit (first use)
A deny from any scope beats an allow from any other, in every mode — even bypassPermissions. Add rules, switch modes, and watch the verdict resolve.
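
The deny → ask → allow resolution across scopes, with the effect of allowManagedPermissionRulesOnly, can be modelled in a few lines. This is an added example, not Claude Code's engine: the matcher is a simplified assumption (bare tool name, exact specifier, or a `prefix:*` specifier), the scope names are labels chosen here, and the "ask" fallback stands in for default mode when no rule fires.

```python
import re

RULE = re.compile(r"^(?P<tool>\w+)(?:\((?P<spec>.*)\))?$")

def matches(rule, tool, target):
    """Simplified matcher (assumption): Tool, Tool(exact) or Tool(prefix:*)."""
    m = RULE.match(rule)
    if not m or m["tool"] != tool:
        return False
    spec = m["spec"]
    if spec is None:
        return True
    if spec.endswith(":*"):
        prefix = spec[:-2]
        return target == prefix or target.startswith(prefix + " ")
    return target == spec

def resolve(scopes, tool, target, managed_only=False, fallback="ask"):
    """Return (verdict, scope, rule); deny is checked in every scope first."""
    if managed_only:  # models allowManagedPermissionRulesOnly
        scopes = {"managed": scopes.get("managed", {})}
    for verdict in ("deny", "ask", "allow"):
        for scope, rules in scopes.items():
            for rule in rules.get(verdict, []):
                if matches(rule, tool, target):
                    return verdict, scope, rule
    return fallback, None, None  # no rule fired: default mode prompts

# Constructed rule sets, keyed by scope in priority order.
SCOPES = {
    "managed": {"deny": ["Bash(rm:*)", "Bash(curl:*)", "Read(./.env)"],
                "ask": ["Bash(git push:*)"]},
    "cli": {"allow": ["Bash(rm:*)"]},   # --allowedTools "Bash(rm:*)"
    "project": {"allow": ["Bash(npm run test:*)"]},
}

if __name__ == "__main__":
    for tool, target in [("Bash", "rm -rf build"), ("Bash", "git push origin main"),
                         ("Bash", "npm run test"), ("Read", "./.env")]:
        print(tool, target, "->", resolve(SCOPES, tool, target))
```
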

Knowledge check

You ship a managed-settings.json that denies `Bash(rm:*)`. A developer launches Claude with `--allowedTools "Bash(rm:*)"`. What happens?

Identity, credentials, and audit

Enterprise adds SSO (SAML 2.0 / OIDC), domain capture, role-based permissions, a compliance API, and the managed policy settings above. For CI, mint a token with claude setup-token, which produces a one-year CLAUDE_CODE_OAUTH_TOKEN. Settings-change events are available via the compliance API / audit-log export (arranged through your Anthropic account team), and ConfigChange hooks can log or block runtime configuration changes. On Team and Enterprise, admins can toggle Remote Control and web sessions org-wide from the Claude.ai admin settings.

| Target | Where credentials live |
|---|---|
| macOS | macOS Keychain |
| Linux | ~/.claude/.credentials.json (mode 0600) |
| Windows | %USERPROFILE%\.claude\.credentials.json |
| CI / headless | CLAUDE_CODE_OAUTH_TOKEN from claude setup-token (1-year) |

Credential storage by OS, plus the CI token.
