
How to Set Up Claude for Your Organization (SSO, Security, and Connectors Guide)


 

Setting Up Claude for Your Organization (Quick Summary)

If you're rolling Claude out to your team, here's what actually matters:

• Verify your root domain so your company controls access.

• Set up SSO with Google Workspace or Microsoft Entra ID to centralize login.

• Use simple company-wide groups (admins, team, contractors) instead of per-tool chaos.

• Keep client-level access inside the tools where work lives (Drive, ClickUp, Slack, Figma).

• Enable safe connectors first (Drive, Slack, Calendar, HubSpot) before sensitive ones (Gmail, QuickBooks, Stripe).

• Use 1Password for API keys and secrets, not for SSO-controlled app logins.

• Don't enforce SSO until you've tested it with a real user.

Done right, Claude becomes a shared intelligence layer across your business. Done wrong, it becomes another tool with messy access and real risk.

 

Quick Answer

To set up Claude for your organization:

1. Verify your root domain using a DNS TXT record.

2. Enable SSO using Google Workspace or Microsoft Entra ID.

3. Create simple company-wide groups (admins, team, contractors).

4. Keep client access controlled inside tools like Drive, Slack, and ClickUp.

5. Enable core connectors first (Drive, Slack, Calendar, HubSpot).

6. Limit sensitive systems (finance, infrastructure) to admins only.

7. Use a password manager like 1Password for API keys and shared secrets.

 

Why the setup matters

AI tools are becoming part of the daily operating system for companies.

That's great — but it creates a new problem. If your team connects Claude to Google Drive, Slack, HubSpot, ClickUp, Gmail, QuickBooks, Stripe, Webflow, Supabase, and the rest of your stack, Claude stops being just a chatbot. It becomes a layer that can reference company knowledge, client context, internal conversations, financial data, project history, and production systems.

That means setup matters.

This guide walks through how to set Claude up for an organization the right way — domain verification, SSO for both Google and Microsoft identity providers, user structure, contractor access, connectors, governance, and how this fits with tools like 1Password.

The goal isn't to overcomplicate things. The goal is simple: give your team the power of Claude without accidentally giving everyone access to everything.

 

What is Claude for Teams and how is it different from a personal account?

Claude for a team isn't the same as one person using Claude Pro.

A personal Claude account is an individual workspace. The user owns their projects, chats, files, and setup.

A team or organization account is a shared business environment. The organization controls membership, domains, security settings, connectors, and shared access policies.

If someone had a paid individual Claude account before joining your team workspace, their old projects generally don't automatically appear in the team org. Treat the team workspace as a fresh company environment. Recreate only the projects, prompts, files, and workflows that are actually worth carrying forward.

That's usually a good thing — it forces people to separate personal experimentation from company infrastructure.

 

How do you verify your domain in Claude?

Domain verification is the first real admin step. It proves your company controls its email domain. If your team uses @yourcompany.com, you verify yourcompany.com by adding a DNS TXT record.

Per Anthropic's documentation, domain verification is required before you can configure SSO. Once a domain is verified at the parent organization level, other Claude organizations cannot claim that same domain. Verifying a domain on its own doesn't change existing user access — nothing breaks until you explicitly enforce SSO.

Why it matters:

• Prevents someone else from claiming your domain in Claude.

• Lets you turn on Restrict organization creation, so employees can't spin up separate Claude organizations using your company email domain.

• Unlocks SSO configuration and stronger access control.

Verify the root domain, not www

A common DNS mistake is trying to verify www.yourcompany.com instead of the root.

Verify this:

yourcompany.com

Not this:

www.yourcompany.com

www is usually already a CNAME record pointing to your website host — Webflow, Squarespace, Framer, whatever. DNS doesn't allow a hostname to have a CNAME and a TXT record at the same time. Trying to add a TXT to www creates a conflict. Trying to replace the www CNAME can break your site.

Use:

• Host: @

• Type: TXT

• Value: the verification string Claude provides

Once the root domain is verified, turn on Restrict organization creation in your admin settings.
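The www-versus-root mistake described above can be caught before you click verify. The following is an added example, not part of the original guide or of Anthropic's tooling: it reads a simplified "name type value" zone listing (real zone files also carry TTL and class columns) and reports a CNAME that shares its name with another record, or a verification TXT that is not at the root. The token, host names, and function names are constructed placeholders.

```python
"""Added example: check where a domain-verification TXT record was placed."""


def parse_zone(text, origin):
    """Parse 'name type value' lines into (fqdn, type, value) tuples."""
    origin = origin.rstrip(".").lower()
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # skip blanks and comments
            continue
        name, rtype, value = line.split(None, 2)
        name = name.lower()
        if name == "@":
            fqdn = origin                         # "@" means the zone root
        elif name.endswith("."):
            fqdn = name.rstrip(".")               # already fully qualified
        else:
            fqdn = f"{name}.{origin}"             # relative label
        records.append((fqdn, rtype.upper(), value.strip().strip('"')))
    return records


def check_verification(records, origin, token):
    """Return a list of findings; an empty list means the placement is sound."""
    origin = origin.rstrip(".").lower()
    findings = []
    types_by_name = {}
    for fqdn, rtype, _ in records:
        types_by_name.setdefault(fqdn, set()).add(rtype)

    # A CNAME may not share its name with any other record type.
    for fqdn, types in sorted(types_by_name.items()):
        if "CNAME" in types and len(types) > 1:
            others = ", ".join(sorted(types - {"CNAME"}))
            findings.append(f"{fqdn}: CNAME coexists with {others}")

    # The verification string must sit at the root, and only there.
    token_names = sorted(f for f, t, v in records if t == "TXT" and v == token)
    for fqdn in token_names:
        if fqdn != origin:
            findings.append(f"{fqdn}: verification TXT is not at the root")
    if origin not in token_names:
        findings.append(f"{origin}: verification TXT missing at the root")
    return findings


TOKEN = "EXAMPLE-VERIFICATION-STRING"   # placeholder, not a real value

# Constructed zone: the TXT was added to www, which is already a CNAME.
BAD_ZONE = """
; yourcompany.com (constructed sample)
@    A      203.0.113.10
www  CNAME  sites.example-host.net.
www  TXT    "EXAMPLE-VERIFICATION-STRING"
"""

# Constructed zone: the TXT sits at the root (host "@"); www is untouched.
GOOD_ZONE = """
@    A      203.0.113.10
@    TXT    "v=spf1 -all"
@    TXT    "EXAMPLE-VERIFICATION-STRING"
www  CNAME  sites.example-host.net.
"""

if __name__ == "__main__":
    for label, zone in (("bad", BAD_ZONE), ("good", GOOD_ZONE)):
        recs = parse_zone(zone, "yourcompany.com")
        print(label, check_verification(recs, "yourcompany.com", TOKEN) or "OK")
```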

 

What is SSO and do you actually need it?

Before setting up SSO, it helps to understand the three login models you can end up with. They sound similar. They aren't.

Option 1: Email and password

The user signs in with person@yourcompany.com plus a password stored in Claude.

This is the weakest model. The email uses your domain, but the login is owned by the app. If the person leaves and you disable their Google or Microsoft account, they may still be able to log into Claude if you forgot to remove them there.

Option 2: "Sign in with Google" or "Sign in with Microsoft"

The user clicks a social login button. Google or Microsoft authenticates them, and the app accepts that identity.

This is better — identity is verified by your identity provider, not by Claude. But the app still manages its own membership. Your IdP confirms who the person is; Claude still decides what they can access.

Option 3: SSO through SAML

With SSO, Claude redirects users to your identity provider — Google Workspace, Microsoft Entra ID, Okta, or similar. The IdP authenticates the person and returns a signed identity response. You control login policy centrally.

This is the strongest model.

Put simply:

• Email + password: the app owns the login.

• Sign in with Google/Microsoft: the IdP verifies identity, but the app still owns access.

• SAML SSO: your organization owns the login policy and can enforce it.

SSO on Claude is available on Team and Enterprise plans. Anthropic uses WorkOS as the underlying SSO platform, which is why the setup flow references WorkOS behind the scenes.

 

How do you set up SSO with Google Workspace?

If your company uses Google Workspace, you configure Claude SSO with Google SAML.

In Claude:

1. Go to Settings → Authentication.

2. Open Setup SSO (or Manage SSO if you've started before).

3. Select Google SAML as the identity provider.

4. Claude will display the service-provider values you need to copy over: ACS URL (also called the Reply URL) and Entity ID (also called the Audience URI).

In Google Admin (admin.google.com):

5. Go to Apps → Web and mobile apps.

6. Add app → Add custom SAML app.

7. Name it Claude.

8. Google will give you:

  - SSO URL
  - Entity ID
  - X.509 Certificate

Back in Claude:

9. Paste the SSO URL, Entity ID, and certificate from Google — or, faster, upload the Federation metadata XML file. Claude will auto-fill the signing certificate, IdP Entity ID, and SSO URL.

10. Configure attribute mapping:

  - email → primary email
  - firstName → first name
  - lastName → last name

11. Turn the Google SAML app on for yourself first. Test the login before giving anyone else access.

If Google ever shows an expired SAML certificate, generate a new active certificate and update it in Claude. An expired cert will silently break SSO sign-in.

Do not enforce SSO until you've confirmed the test works.

 

How do you set up SSO with Microsoft Entra ID?

If your company runs on Microsoft 365, you use Microsoft Entra ID (formerly Azure AD) as the SAML identity provider. The flow mirrors Google's, but the admin panel is different.

In Claude:

1. Go to Settings → Authentication → Setup SSO.

2. Select your identity provider (the setup flow supports Entra ID via SAML).

3. Copy the Entity ID (Audience URI) and ACS URL (Reply URL) — you'll paste these into Entra.

In the Microsoft Entra admin center (entra.microsoft.com):

4. Go to Identity → Applications → Enterprise applications.

5. New application → Create your own application.

6. Name it Claude. Choose Integrate any other application you don't find in the gallery (Non-gallery). Create.

7. Open the app → Single sign-on → SAML.

8. Under Basic SAML Configuration, click Edit and set:

  - Identifier (Entity ID): the Entity ID from Claude
  - Reply URL (ACS URL): the ACS URL from Claude
  - Leave Sign on URL blank (SP-initiated sign-in works without it).

9. Under Attributes & Claims, confirm the default claims are present. Entra provides them out of the box:

| Claude field | Entra claim URI | Source |
| --- | --- | --- |
| email / NameID | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | user.mail or user.userprincipalname |
| firstName | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | user.givenname |
| lastName | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | user.surname |

10. Under SAML Certificates, download the Federation Metadata XML file.

11. Under Users and groups, assign the users or groups who should have access to Claude. Entra blocks sign-in for unassigned users — this is the single most common Entra mistake.

Back in Claude:

12. Upload the Federation Metadata XML. Claude auto-fills the signing certificate, IdP Entity ID, and SSO URL.

13. Test sign-in with a non-admin assigned user in an incognito window before enabling SSO enforcement.

Entra-specific gotchas

• Unassigned users are blocked. Assigning users in the Enterprise app is separate from the SAML config. Forget it and sign-in fails.

• Conditional Access. If your tenant has MFA or compliant-device policies, scope them to the Claude Enterprise app. A global block without Claude excluded will break sign-in.

• Certificate rollover. Entra SAML certificates default to a three-year lifetime. Create the new cert as Active, re-download the metadata, and re-upload it to Claude before the old cert expires.

• NameID format. Use emailAddress. If userPrincipalName and mail diverge for any user, you can end up with duplicates.
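The claim mapping and the NameID gotcha above can be checked against an assertion captured from your own test sign-in (for example with a browser SAML tracer) before SSO is enforced. This is an added example, not code from the original guide, Anthropic, or Microsoft: it checks the NameID format, the three claim URIs from the table, and whether the NameID and the email claim disagree. The function names and sample users are constructed, and the check does not validate the XML signature.

```python
"""Added example: sanity-check a captured SAML test assertion (diagnostic only)."""
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = {                 # Claude field -> Entra claim URI (from the table)
    "email": CLAIMS + "emailaddress",
    "firstName": CLAIMS + "givenname",
    "lastName": CLAIMS + "surname",
}


def check_assertion(xml_text):
    """Return a list of problems found in one decoded <saml:Assertion>.

    This does NOT verify the XML signature and must only be fed assertions
    captured from your own test sign-in, never untrusted input.
    """
    root = ET.fromstring(xml_text)
    problems = []

    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing")
        subject = None
    else:
        subject = name_id.text.strip()
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append("NameID format is not emailAddress")

    # Collect the first value of every attribute in the assertion.
    attrs = {}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = (value.text or "").strip() if value is not None else ""

    for field, uri in REQUIRED.items():
        if not attrs.get(uri):
            problems.append(f"claim for {field} missing or empty")

    # UPN vs. mail divergence: the subject and the email claim disagree.
    email = attrs.get(REQUIRED["email"])
    if subject and email and subject.lower() != email.lower():
        problems.append(f"NameID {subject} differs from email claim {email}")
    return problems


def sample_assertion(name_id, name_format, claims):
    """Build a constructed, unsigned assertion for the checks above."""
    attr_xml = "".join(
        f'<saml:Attribute Name="{CLAIMS}{name}">'
        f"<saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>"
        for name, value in claims.items()
    )
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
        f'<saml:Subject><saml:NameID Format="{name_format}">{name_id}'
        "</saml:NameID></saml:Subject>"
        f"<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement>"
        "</saml:Assertion>"
    )


# Constructed samples: a clean user, a user whose UPN and mail differ,
# and an app whose NameID format and surname claim were left misconfigured.
FULL = {"emailaddress": "ana@yourcompany.com", "givenname": "Ana", "surname": "Ruiz"}
GOOD = sample_assertion("ana@yourcompany.com", EMAIL_FORMAT, FULL)
DIVERGENT = sample_assertion("aruiz@yourcompany.com", EMAIL_FORMAT, FULL)
INCOMPLETE = sample_assertion(
    "ana@yourcompany.com",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
    {"emailaddress": "ana@yourcompany.com", "givenname": "Ana"},
)

if __name__ == "__main__":
    for label, xml_text in (("good", GOOD), ("divergent", DIVERGENT),
                            ("incomplete", INCOMPLETE)):
        print(label, check_assertion(xml_text) or "OK")
```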

 

Should you enforce SSO immediately?

No. There's a difference between having SSO configured and having SSO enforced.

When SSO is configured but not enforced, users can still log in with their previous methods. When SSO is enforced, they must log in through your identity provider.

Claude lets you enforce SSO separately for Claude (the chat and team workspace) and Console (the API and developer platform). Most teams should enforce SSO for Claude first and leave Console enforcement off unless the team is actively using Anthropic's developer platform.

A safe rollout looks like this:

1. Configure SSO.

2. Turn the SSO app on for yourself.

3. Test login end-to-end.

4. Add one backup admin with SSO access.

5. Have one or two team members test login.

6. Then enforce SSO for Claude.

This is how you avoid locking yourself or the team out.

 

Which provisioning model should you choose (Invite Only, JIT, or SCIM)?

Claude supports three approaches to adding users.

• Invite Only. Admins manually invite users. SSO still controls login, but admins control org membership.

• JIT (Just-In-Time). The first time a user successfully authenticates via SSO, they're auto-joined to the Claude org. Fast — but every new user can consume a paid seat.

• SCIM. Your identity provider syncs users (and optionally groups) automatically to Claude. This is available on the Enterprise plan only.

Anthropic's provisioning documentation explicitly warns that saving provisioning changes before you've assigned users in the identity provider can result in users being deprovisioned from the Claude organization. Order matters: assign first, then save.

Rule of thumb:

• Small / mid teams: start with Invite Only. You get clean control while you're rolling out.

• Larger teams on Team plan: graduate to JIT once you want anyone with company SSO access to auto-join.

• Enterprise teams: use SCIM for full lifecycle automation — create, update, and deprovision users from a single source of truth.

Entra ID SCIM pushes changes on roughly a 40-minute cycle. Plan for that delay when deprovisioning.

 

How should you structure users with groups (admins, team, contractors)?

Once SSO works, the next question is groups.

A common mistake is creating a new group for every tool:

claude-users@company.com
slack-users@company.com
clickup-users@company.com
hubspot-users@company.com

That gets messy fast.

A better pattern is to create general company access groups and reuse them across tools.

A clean base:

admins@yourcompany.com
team@yourcompany.com
contractors@yourcompany.com

Optional functional groups:

engineering@yourcompany.com
marketing@yourcompany.com
finance@yourcompany.com

The principle: groups describe people's role in the company, not the specific app. Each app then uses those groups to decide access.

• Claude: admins get admin access, team gets normal user access, contractors only when needed.

• Slack: team gets workspace access, contractors get channel-specific access.

• HubSpot: marketing and admins; contractors rarely.

• ClickUp: team gets workspace access, contractors get project-specific access.

This keeps the identity layer clean.

 

 

How do you manage contractors and client access?

Contractors shouldn't be treated the same as employees. They work on specific projects or clients. They don't need broad company access.

The right approach is layered.

At the company identity level:

• Put contractors in contractors@yourcompany.com.

• That says: known external contributor.

At the tool level:

• Grant access only to the specific client folder, project, channel, or workspace they need.

• Don't create 60 different Google Groups for 60 clients unless you truly need that level of automation.

Example — a contractor working on Client A only:

• Google Workspace: Add them to contractors@yourcompany.com.

• Google Drive: Access only to the Client A folder.

• ClickUp: Invite only to the Client A space/folder/list.

• Slack: Add only to Client A channels.

• Figma: Access only to Client A projects.

• Claude: Their connector access reflects the underlying tool permissions.

Claude connectors rely on the permissions of the connected user. If a person can't access a file, folder, or channel in the source system, they shouldn't be able to access it through Claude.

Don't use Claude as the place you solve every permission problem. Fix permissions in the source systems.

 

What are Claude connectors and how should you use them?

Connectors let Claude reference other apps and services. This is where Claude becomes much more useful — it can pull context from Google Drive, Slack, Gmail, Calendar, HubSpot, Figma, Webflow, Stripe, QuickBooks, Supabase, Vercel, Zapier, Make, and others.

Connectors also introduce risk. The governance model matters.

Per Anthropic's connector documentation:

• On Team and Enterprise plans, an Owner or Primary Owner must enable a connector at the organization level before anyone can use it.

• Once enabled, individual users still need to authenticate their own account before using it.

• Claude only sees what the authenticating user can already access in the source tool. Underlying tool permissions carry through.

That distinction matters:

• Enabling a connector at org level = "this connector is allowed for the team."

• User authentication = "this person has connected their own account."

• Tool permissions = what Claude can actually touch inside that account.

 

Which connectors should you enable first?

Don't enable every connector just because it exists. Start with ones that create obvious productivity gains with manageable risk.

Start here:

• Google Drive

• Slack

• Google Calendar

• HubSpot (if you use it for CRM)

• ClickUp (or your PM tool)

• Fireflies / Fellow / meeting transcription

These help the team find project context, summarize meetings, turn notes into client recaps, pull action items, and understand sales history.

Add more sensitive connectors only after governance is in place:

• Gmail

• QuickBooks

• Stripe

• Ramp

• AWS / Supabase / Vercel

• Zapier / Make

• DocuSign

These touch financial data, production infrastructure, client communications, contracts, and automation workflows.

Suggested connector policy by risk tier

Low to moderate risk (easier to pilot, still apply normal permissions): Google Drive, Google Calendar, Fireflies, Fellow, Figma, Miro, Canva, Ahrefs, Postman.

Moderate to high risk (role-based access, careful enable): Slack, Gmail, HubSpot, ClickUp, Mailchimp, Klaviyo, Apollo, ZoomInfo, Webflow, WordPress.

High risk (admin-only, strict controls): QuickBooks, Stripe, Ramp, DocuSign, AWS, Supabase, Vercel, Zapier, Make, GoDaddy.

 

Read-only first: restricting connector actions

For any connector that can take actions, default to read-only where possible.

Anthropic's connector documentation notes that Team and Enterprise owners can restrict actions within a connected service — for example, allowing Claude to search and summarize email while preventing it from sending, or allowing Drive reads while preventing edits. These restrictions apply organization-wide and individual users cannot override them.

The right question isn't "Can Claude do this?" It's "Should Claude be allowed to do this for everyone?"

Sensible defaults:

• Google Drive: search + summarize. Careful with create/edit/delete.

• Gmail: search + summarize. Careful with send.

• Slack: search + summarize. Careful with posting.

• ClickUp: read tasks + summarize project state. Careful with create/edit/close.

• QuickBooks: reporting and lookup for finance roles. Avoid broad write.

• Stripe: payment and subscription lookup for trusted people only. Careful with refunds and billing changes.

• AWS / Supabase / Vercel: engineering/admin-only. Read-only unless there's a controlled workflow.

• Zapier / Make: highest risk — they move data and trigger actions across many systems.

 

How does Claude work with tools like 1Password?

SSO and 1Password solve different problems.

• SSO controls who can log into apps.

• 1Password controls who can access secrets.

Use both.

Don't store normal SSO app passwords in 1Password if the app should be accessed through Google or Microsoft SSO. Duplicating that creates a second path to the app that SSO enforcement can't close.

Use 1Password for:

• API keys

• Recovery codes

• Admin credentials

• Shared credentials for legacy tools that don't support SSO

• Client-specific credentials

• Environment variables and infrastructure secrets

A simple vault structure:

• Admin vault: owners only. Billing, root accounts, domain registrars, infrastructure.

• Team vault: low-risk shared tools.

• Client vaults: one per client or client group. Only assigned people get access.

• Contractor vault: only if needed. Limited, temporary, scoped.

Offboarding covers both layers: disable the Google or Microsoft account and remove the person from 1Password vaults. SSO-only misses API keys. 1Password-only misses SSO-managed app access.

 

How do you handle many clients without creating chaos?

If your company serves many clients, don't try to model every client inside your identity provider unless you have a mature IT function.

For most agencies, consultancies, and service firms, client-level permissioning should live inside the tools where the work happens.

The pattern:

• Google Workspace / Entra ID: high-level identity. Groups like admins, team, contractors.

• Google Drive: client folders with per-folder permissions.

• ClickUp: client spaces, folders, or lists. Contractors invited only where needed.

• Slack: client channels. Contractors in relevant channels only.

• Figma: client files or projects, scoped by project.

• 1Password: client-specific vaults.

• Claude: available to the right people; relies on source-system permissions.

This prevents identity bloat. You don't need 60 Google Groups for 60 clients. You need a clean base structure and disciplined project-level permissions.

 

How do you set organization-wide Claude instructions?

Claude supports organization preferences — admin-configured instructions that apply across the organization.

Per Anthropic's documentation, admins can set organization preferences in Organization Settings, with a maximum length of 3,000 characters. Changes may take up to an hour to propagate across Claude products.

This is a lightweight governance layer. Use it for expectations, not policy documents.

Examples:

• "Always distinguish facts from assumptions."

• "Do not send client-facing work without human review."

• "Prefer concise, direct communication."

• "When summarizing client work, include next steps, risks, and open questions."

• "Do not expose sensitive client data unless necessary."

A few clear rules beat a long manifesto nobody reads.

 

How do Claude Skills help standardize team workflows?

If your team runs repeatable workflows, Claude Skills can codify them.

Admins can provision organization Skills that become available to all users in the org. Users can toggle skills off individually, but admin-provisioned skills create consistent, approved workflows across the team.

Good use cases for an agency or consultancy:

• Client recap writing

• Scope of work drafting

• Discovery call analysis

• SEO content briefs

• Project QA checklists

• Sales proposal generation

• Internal strategy memos

This is where Claude stops being a chatbot and starts being a reusable operating layer.

 

How do you train your team to actually use Claude well?

Your team doesn't need a SAML and DNS lecture. They need simple rules.

Use Claude for:

• Turning messy notes into clear outputs

• Finding information faster

• Summarizing calls, docs, threads, project context

• Structuring scopes, plans, strategies, emails

• Thinking through problems

Don't use Claude for:

• Final decisions without human judgment

• Sending raw output to clients

• Handling sensitive data casually

• Making changes in production systems without review

• Approving financial, legal, or contractual decisions on its own

Teach better prompting.

Bad: "Summarize this."

Better: "Summarize this for a client-facing email. Include decisions made, open questions, risks, and next steps. Keep the tone direct and professional."

Bad: "What is this project?"

Better: "Summarize this project for someone joining the account. Include the client goal, current status, important context, blockers, and what we should do next."

Prompt quality determines output quality.

 

What's a safe rollout plan?

Phase 1: Admin setup

• Verify the root domain.

• Turn on restrict organization creation.

• Set up SSO (Google or Microsoft).

• Test SSO with one admin.

• Keep provisioning as Invite Only.

• Don't enforce SSO until tested.

Phase 2: Access structure

• Create general groups: admins, team, contractors.

• Map access at a high level.

• Avoid creating app-specific groups unless necessary.

Phase 3: Core connectors

• Enable: Google Drive, Slack, Google Calendar, ClickUp, meeting tool, HubSpot (if relevant).

• Keep sensitive connectors off or admin-only.

Phase 4: Governance

• Write simple internal usage rules.

• Set organization preferences (the 3,000-char instruction block).

• Define what Claude can and cannot be used for.

• Train the team with real examples.

Phase 5: Sensitive systems

• Evaluate Gmail, QuickBooks, Stripe, Ramp, AWS, Supabase, Vercel, Zapier, Make, DocuSign one at a time.

• Start read-only where possible.

• Restrict write actions.

• Limit to trusted roles.

Phase 6: Contractors and clients

• Use company-controlled accounts where possible.

• Add contractors to the contractors group.

• Grant tool-level access only to specific clients.

• Use client-specific Drive folders, ClickUp spaces, Slack channels, Figma projects, and 1Password vaults.

• Remove access immediately when work ends.

 

What's the offboarding checklist when someone leaves?

• Suspend or disable the Google Workspace or Microsoft 365 account.

• Remove from the Claude org.

• Remove from Google Groups.

• Remove from 1Password vaults.

• Remove from Slack, ClickUp, HubSpot, Webflow, Figma, and anything not fully SSO-controlled.

• Transfer ownership of files, automations, dashboards, and recurring workflows.

• Audit high-risk tools: Stripe, QuickBooks, AWS, Supabase, Vercel, Zapier, Make, GoDaddy, DocuSign.

• Rotate any shared passwords or exposed API keys.

SSO reduces offboarding risk. It doesn't eliminate the need for the checklist.
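One way to run the checklist as a recurring audit rather than from memory is to reconcile each tool's member export against the identity provider. The following is an added example, not part of the original guide or any vendor's tooling: the rosters, addresses, and function name are constructed, and the exports are assumed to be available as plain lists of email addresses.

```python
"""Added example: reconcile app rosters against the identity provider."""


def find_leftover_access(idp_status, app_rosters, sso_enforced):
    """Return sorted (app, email, finding) tuples for accounts needing cleanup.

    idp_status   -- {email: "active" | "suspended"} exported from the IdP
    app_rosters  -- {app name: iterable of member emails}
    sso_enforced -- set of apps where sign-in is only possible through the IdP
    """
    idp = {email.lower(): status for email, status in idp_status.items()}
    findings = []
    for app, members in app_rosters.items():
        for email in {m.lower() for m in members}:   # de-duplicate per app
            status = idp.get(email)
            if status == "active":
                continue
            if status is None:
                # Never managed by the IdP, so disabling there changes nothing.
                finding = "not in IdP: external or personal account, review"
            elif app in sso_enforced:
                # Login is closed, but the seat, files, and keys still exist.
                finding = "IdP disabled: sign-in blocked, membership remains"
            else:
                # The app owns this login, so the IdP cannot close it.
                finding = "IdP disabled: direct login may still work"
            findings.append((app, email, finding))
    return sorted(findings)


# Constructed exports: ben has left and was suspended in the IdP only.
IDP = {
    "ana@yourcompany.com": "active",
    "ben@yourcompany.com": "suspended",
    "cho@yourcompany.com": "active",
}
ROSTERS = {
    "Claude": ["ana@yourcompany.com", "Ben@yourcompany.com"],
    "Slack": ["ana@yourcompany.com", "ben@yourcompany.com",
              "freelancer@example.org"],
    "1Password": ["cho@yourcompany.com", "ben@yourcompany.com"],
}
SSO_ENFORCED = {"Claude"}

if __name__ == "__main__":
    for app, email, finding in find_leftover_access(IDP, ROSTERS, SSO_ENFORCED):
        print(f"{app:10} {email:26} {finding}")
```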

 

Common mistakes when setting up Claude

1. Connecting every tool immediately. Start with core connectors. Add sensitive ones once governance is in place.

2. Giving contractors full access. Scope everything at the tool level.

3. Managing client access through Google Groups. Let tools handle project-level access.

4. Skipping SSO. Email/password is the weakest login model.

5. Enforcing SSO too early. Configure, test, backup admin, then enforce.

6. Leaving write access on connectors by default. Default to read-only.

7. Storing SSO app passwords in 1Password. That creates a second login path SSO can't close.

8. Relying on JIT without understanding seat usage. Every new login can mean a new paid seat.

9. Not assigning users in Entra before testing. Entra blocks sign-in for unassigned users — this is the #1 Entra gotcha.

10. Forgetting certificate rollover. Expired SAML certs silently break SSO.

 

The simple operating principle

The best way to manage Claude for an organization is to separate the layers.

• Identity: Google Workspace or Microsoft Entra ID.

• Access groups: admins, team, contractors, maybe a few function groups.

• Tool permissions: client-level and project-level access inside Drive, ClickUp, Slack, Figma, HubSpot, and others.

• Secrets: 1Password.

• Claude: the intelligence layer that references approved tools and helps the team work faster.

Rules:

• Don't make Claude your permission system.

• Don't make Google Groups your project management system.

• Don't make 1Password your access control system.

Each layer has a job. When the layers are clean, Claude becomes more powerful and less risky.

 

Frequently asked questions

Does Claude for Teams support Microsoft Entra ID?
Yes. Claude supports SAML SSO with Microsoft Entra ID (formerly Azure AD). You create a non-gallery Enterprise application, configure the SAML Basic Configuration with Claude's Entity ID and ACS URL, and upload the Federation Metadata XML back to Claude to auto-fill the signing certificate, IdP Entity ID, and SSO URL.

What's the difference between Sign in with Google and SSO with Google?
"Sign in with Google" uses Google to verify identity, but the app still manages membership. SSO through Google SAML makes your Google Workspace the source of truth — you can enforce that every Claude login goes through Google and nothing else.

Is SCIM available on Claude Team?
SCIM provisioning is available on the Enterprise plan. Team plans use Invite Only or JIT. If lifecycle automation matters, plan for Enterprise.

Can contractors use Claude connectors safely?
Yes, if you scope them at the tool level. Claude connectors inherit the user's underlying tool permissions — a contractor who can only see Client A's Drive folder can only see Client A's Drive folder through Claude.

How long do organization preferences take to apply?
Up to roughly an hour to propagate across Claude products.

Should I enforce SSO on Claude and Console at the same time?
Not usually. Enforce SSO for Claude first. Leave Console enforcement off unless the team actively uses the developer platform and you want API access controlled the same way.

Does Claude see everything in my connected Drive/Slack/Gmail?
Claude can only see what the authenticating user can already see in that tool. It inherits permissions. It doesn't create new ones.

 
