Your first Access bundle
An Access bundle is a named set of credentials, repository grants, and instructions that Claude uses in the channels the bundle covers. A connection is one service credential inside a bundle, like a Datadog API key or a warehouse service account, that Claude uses to act in that service from any channel under the bundle’s scope. If you’re in the setup wizard, it has already created your first bundle (named Slack default) and is showing you its connection list; skip to Decide what to connect. The steps below are for creating a bundle outside the wizard, on the admin page directly.
Open the admin page
Go to claude.ai/admin-settings/claude-tag. Under Claude Tag’s access, the Slack tab shows your scopes (Default Slack access, then each workspace).
Create a bundle on a scope
On the scope where you want the bundle to apply, click + next to Access bundles and choose Create new bundle. This creates the bundle and attaches it to that scope in one step; the bundle dialog opens.
data-readonly, github-write, monitoring, gtm-tools. A capability name stays meaningful when the same bundle serves several teams; a team name (devprod-team) works when one team’s full access is the unit you’ll reuse.
Why create more than one bundle
Multiple bundles let you grant access by capability and compose it per channel. For example, with separate data-readonly, github-write, and monitoring bundles: #platform-eng gets all three, #gtm-analytics gets only data-readonly, and #incidents gets monitoring plus github-write. Each credential is defined once, so rotating a Datadog key means editing one bundle without touching the others.
A bundle also has Domains, Plugins, and Instructions tabs alongside Credentials and Repositories. Use the bundle’s Instructions for guidance that should travel with a credential; use per-scope custom instructions for guidance tied to a place.
Decide what to connect
Six categories cover most of the work teams hand to Claude. Any service with an HTTP API can be added; start with the categories that match what your teams already do. Read-only connections are most useful in combination: an answer that joins the ticket, the deploy, and the error rate needs all three systems connected. Connecting many systems read-only is a different decision from granting write access anywhere.
| Connect | Examples | Recommended access | What it adds |
|---|---|---|---|
| Knowledge and docs | Google Drive, Notion, Confluence | Read | Answers grounded in design docs, runbooks, and prior decisions |
| Code | GitHub, GitLab | Read and write | Branches, pull requests, review, CI follow-up. GitHub is configured separately |
| Data warehouse | BigQuery, Snowflake, Redshift | Read | Data questions answered with charts in the thread; recurring reports |
| Monitoring | Sentry, Datadog, PagerDuty | Read | Logs, metrics, and errors for debugging and incident work |
| Issue tracking | Linear, Asana, Jira | Read and write | File tickets and post status updates where work lives |
| Go-to-market | HubSpot, Gong, Salesforce | Read | Pipeline and customer state for account questions |
Create a dedicated account per service
For each tool, create a dedicated service identity for the agent rather than reusing a person’s credentials or a shared bot key. The credential you connect is Claude’s account in that tool, not yours. The pattern depends on the service.
| Service type | Recommended pattern |
|---|---|
| Google Workspace (Drive, Calendar, Docs) | Create a virtual user like [email protected] and share the folders and calendars it needs. If using a GCP service-account key with domain-wide delegation, restrict the delegation to that single subject and the minimum OAuth scopes; DWD can otherwise impersonate any user in your domain. |
| SaaS with native service accounts (Datadog, Snowflake, Sentry) | Create a service account in that tool’s admin, scope it to the project or read-only role, and use its API key |
| SaaS without service accounts (Linear, Asana on most plans) | Create a dedicated user seat for the agent and use a personal access token from that seat |
| Cloud APIs (AWS, GCP) | Create a dedicated IAM principal with the narrowest policy that covers the work |
Connect a service that isn’t in the list
For a service without a preset Connect button, use Connect another app at the bottom of the bundle’s Credentials tab. See the Custom connection guide for the form fields, credential types, and how to add a custom MCP server.
Allow a host without a credential
For a public API or any host Claude should reach without an injected credential (your status page, a public package registry, an internal service that accepts unauthenticated reads), use the bundle’s Domains tab instead of adding a connection. Enter the hostname (a wildcard is allowed as the leftmost label) and the ports. Requests to that host go through without a credential attached; everything else stays default-deny.
Add a connection
On the bundle’s Credentials tab, click Connect next to a listed service, or Connect another app at the bottom for a service not in the list. For a custom connection, choose the credential type:
| Credential type | Use for |
|---|---|
| Bearer | API keys and OAuth bearer tokens. Most SaaS REST APIs. |
| Basic | HTTP Basic authentication. |
| AWS SigV4 | Signed requests to AWS APIs with an access key pair. |
| GCP service account key | Google Cloud APIs via a service-account JSON key. Google Workspace services like Drive and Calendar also use this; see the Google guide. |
| OAuth 2.0 client credentials | Server-to-server OAuth. |
| OAuth 2.0 JWT bearer | Server-to-server OAuth. Salesforce uses this. |
| OAuth 2.0 authorization code | Sign in once as an admin; the agent acts as that account. |
Set allowed websites
List the hosts a connection’s credential may be sent to. A wildcard works only as the leftmost label, like *.example.com.
To change a connection’s name or allowed websites after saving, open the ⋮ menu on that connection’s row in the bundle’s Credentials tab and choose Edit. The same menu has Rotate secret (where the credential type supports it) and Delete.
Check the host against your account’s region before saving. Some presets fill a default host that may not match your account’s region; a Datadog key, for example, only works against your account’s Datadog site, like api.datadoghq.com or api.datadoghq.eu.
Restrict by path or method
After saving, you can restrict a connection by URL path or HTTP method, like allowing GET but not DELETE, for control tighter than host-level.
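The checks described under Set allowed websites and Restrict by path or method can be rehearsed offline before you enter a host list. The following is an added sketch, not the product's own code: it lints allowed-website entries against the leftmost-label wildcard rule and then evaluates a request against a host, method and path restriction. The connection field names, the subdomain-only reading of `*.example.com`, and prefix matching on paths are assumptions made for this example.

```python
import posixpath
import re
from urllib.parse import urlsplit

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one DNS hostname label

def validate_pattern(pattern):
    """Return problems with an allowed-website entry; an empty list means OK."""
    p = pattern.strip().lower().rstrip(".")
    if "/" in p or ":" in p:
        return ["enter a bare hostname, not a URL or host:port"]
    labels, problems = p.split("."), []
    if "*" in p and (labels[0] != "*" or p.count("*") != 1):
        problems.append("wildcard must be the whole leftmost label")
    if labels[0] == "*" and len(labels) < 3:
        problems.append("wildcard is too broad; name the domain")
    if any("*" not in lab and not LABEL.match(lab) for lab in labels):
        problems.append("invalid hostname label")
    return problems

def host_matches(pattern, host):
    """Assumed semantics: '*.example.com' covers subdomains, not the apex."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        # Compare against '.example.com' so 'evilexample.com' cannot match.
        return h.endswith(p[1:]) and len(h) > len(p) - 1
    return h == p

# Constructed sample connection; the field names are assumptions.
DATADOG_EU = {
    "hosts": ["api.datadoghq.eu"],
    "methods": {"GET"},
    "path_prefixes": ["/api/v1/", "/api/v2/"],
}

def credential_attached(conn, method, url):
    """Default-deny: True only if host, method and path all pass."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # parsed host: ignores userinfo and port
    if not any(host_matches(p, host) for p in conn["hosts"]):
        return False
    if method.upper() not in conn["methods"]:
        return False
    path = posixpath.normpath(parts.path or "/") + "/"  # collapse '..'
    return any(path.startswith(pre) for pre in conn["path_prefixes"])
```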
Connections vs claude.ai connectors
The connection gallery lists credential types the agent can hold, not the connectors your organization or its members have set up on claude.ai. A connection authenticates the agent, not a person; a connector on someone’s personal claude.ai account doesn’t appear here. For Google services, use a service-account key or the OAuth sign-in option, both of which give the agent one credential with access to the data the channel needs. Personal connectors keep working in DMs.
Attach plugins
A connection grants access; a plugin teaches Claude how to use it well. A plugin is a bundle of skills, reusable instructions for working with a specific tool or following a specific process, and you attach plugins to the same Access bundle or scope that carries the connection, so the credential arrives with directions for using it. A Datadog API key, for example, makes the API reachable, and a Datadog plugin tells Claude which endpoints answer which questions. Sessions in covered channels pick up attached plugins automatically; there is nothing for channel members to install or enable. Anthropic provides plugins for common tools, and you can add your own from a skills repository. To give Claude organization-wide skills, bundle them in a plugin. Updated plugins and skills apply to new threads only. A thread already running keeps the versions it began with; start a fresh thread to pick up the latest. Claude can’t publish a new skill version from inside a thread; that update happens in admin settings.
Verify the connection saved
- Each connection is listed in the bundle with the host you set.
- New connections apply to new threads only: an existing thread keeps the connections it started with, so test in a fresh thread.
Related resources
- Set a spend limit: fund usage so the connections you just added can run
- Configure GitHub access: repository access, configured on a separate page
- How agent identity works: how the credentials you just added reach Claude without entering its sandbox