Tenant Restrictions are available for members of Enterprise plans and Console organizations.
Tenant Restrictions enable IT administrators on Enterprise plans to enforce network-level access control for Claude. This feature ensures that users on corporate networks can only access approved organizational accounts, preventing unauthorized use of personal accounts.
How it works
When enabled, your network proxy injects an HTTP header into requests to Claude. Anthropic validates this header and blocks access from any organization not in the allowed list.
Supported authentication methods:
Web access (claude.ai)
Desktop / App Access
API key authentication
OAuth token authentication
Header format
anthropic-allowed-org-ids: <org-uuid-1>,<org-uuid-2>,...
Comma-delimited list of organization UUIDs
No spaces between values
Example:
anthropic-allowed-org-ids: 550e8400-e29b-41d4-a716-446655440000,6ba7b810-
9dad-11d1-80b4-00c04fd430c8
Split large allowlists across multiple headers
If your allowlist is too long for a single header line on your proxy platform, split it across numbered continuation headers. Append ;n=K to the base header to declare the total number of header lines, then add the remaining UUIDs in headers anthropic-allowed-org-ids1 through anthropic-allowed-org-ids{K-1}.
anthropic-allowed-org-ids: <org-uuid>,<org-uuid>,...;n=K
anthropic-allowed-org-ids1: <org-uuid>,<org-uuid>,...
...
anthropic-allowed-org-ids{K-1}: <org-uuid>,<org-uuid>,...
Maximum of 10 header lines (
K≤ 10)Maximum of 500 organization UUIDs total across all lines
Your proxy must send every declared slot. If you set
;n=3, all three headers must be present on the request.Configure your proxy to overwrite these headers on every request rather than add them only if absent.
Configuration steps
1. Find your organization UUID
Members of Enterprise plans can find this in two different places:
Navigate to Settings > Account and find Organization ID.
Navigate to Organization settings > Organization and scroll down to the bottom of the page to locate Organization ID.
Members of Console organizations can find this in Settings > Organization.
2. Configure your network proxy
Configure your proxy to inject the header for Claude traffic:
Rule: Claude Tenant Restriction
Application: claude.ai, api.anthropic.com, claude.com, anthropic.com
Action: Inject Header
Header Name: anthropic-allowed-org-ids
Header Value:
TLS Inspection: Required
3. Test your configuration
From restricted network, test with your org's API key:
curl https://api.anthropic.com/v1/messages \
-H "x-api-key: $CLAUDE_API_KEY" \
-H "anthropic-version: 2023-06-01" \
-H "content-type: application/json" \
-d '{"model":"claude-sonnet-4-6","max_tokens":1024,"messages":
[{"role":"user","content":"Hello"}]}'
Error responses
Access blocked
When a user's organization isn't on the allowlist, they receive a 403 error:
{
"type": "error",
"error": {
"type": "permission_error",
"message": "Access restricted by network policy. Contact IT Administrator.",
"error_code": "tenant_restriction_violation"
}
}
Header configuration errors
If your proxy sends the headers incorrectly, requests fail with a 400 status and one of these messages:
Multiple
anthropic-allowed-org-idsheaders: A header name appeared more than once on the same request. Configure your proxy to overwrite each header rather than append a duplicate.Malformed
anthropic-allowed-org-idsheaders: The;n=Kvalue is invalid, a declared continuation slot is missing or extra, or the total allowlist exceeds 500 UUIDs.
Supported proxy platforms
Zscaler ZIA (Cloud App Control policies)
Palo Alto Prisma Access (SaaS App Management)
Cato Networks (Tenant Restriction policy)
Netskope (Header Insertion rules)
Generic HTTPS proxies with header injection capability
Use cases
Scenario | Header Value |
Single Organization |
|
Multiple Organizations (Partners) |
|
Security benefits
Data Loss Prevention: Block personal account usage from corporate networks.
Compliance: Enforce data residency and access policies.
Shadow IT Control: Prevent unauthorized Claude usage.
Audit Trail: Complete visibility into access attempts.
Backward compatibility
No impact to networks without tenant restrictions configured.
Standard authentication continues for unmanaged networks.
Existing API key authentication remains unchanged.
