Claude Plugged Into Okta, Wiz, CrowdStrike: IT Admin's 30-Min Setup

13 min read By FindSkill Team

Anthropic dropped 28 security integrations May 25. The 30-minute IT-admin setup for Okta, Wiz, CrowdStrike, Cloudflare, Datadog via Claude Compliance API.

Table of Contents

If you got the budget-approval forward from your CISO this week and a question along the lines of “great, now what does Tuesday look like” — the May 25 announcement from Anthropic is the answer. On Monday Anthropic shipped 28 new security and compliance integrations for Claude Enterprise, all powered by a new Claude Compliance API. The reaction on X has been blunt: “shadow AI just stopped being a hypothetical” and “the real moat isn’t the model — it’s getting past the CISO.”

This walkthrough is for the IT admin who has to execute. Not the security architect designing policy. Not the CIO writing the board memo. The person who actually clicks through Okta, Wiz, CrowdStrike, Cloudflare, and Datadog this week.

What just changed

Until last Monday, Claude in the enterprise was a chat product with audit logs but no native connection into the security stack your SOC already runs. The May 25 announcement closes that gap. Anthropic published a Compliance API that exposes two streams of data:

  • Conversation content — chats, uploaded files, and projects from Claude Enterprise
  • Activity events — user logins, admin actions, configuration changes, API key usage, permission changes (available for both Claude Enterprise and Claude Platform/Console)

Twenty-eight named partners now pull from that API into the dashboards your team already watches. Grouped by what they actually do:

  • Identity / posture management: Okta ISPM, SailPoint Identity Security Cloud, Microsoft Purview
  • Endpoint / XDR: CrowdStrike Falcon
  • CASB / DLP / SASE: Netskope, Zscaler, Forcepoint, Proofpoint
  • Cloud security posture / AI data security: Wiz, Cyera
  • SIEM / security analytics / observability: Datadog, Sumo Logic, Cribl, ReliaQuest
  • Vulnerability / dev security: Tenable, Snyk
  • Records, archives, eDiscovery: Relativity, Smarsh, Theta Lake, Mimecast
  • Backup / recovery: Rubrik
  • Other security and data platforms: Cloudflare CASB, Geordie AI, IBM Guardium, Trellix, Varonis, Fortinet, Palo Alto Networks

The product spec is identical to what every SaaS security review asks for: API-driven log access, scoped credentials, and a documented map between vendor events and your SIEM schema. The category is “AI security posture management” if you have to put a line item on next quarter’s budget.

Wiz partner blog announcement headline: “Claude Enterprise Meets the Security Graph: Wiz Integrates with Anthropic’s Compliance API,” dated May 21, 2026 Wiz’s announcement page is the cleanest signal of what the May 25 drop actually changed — Claude entities now appear in cloud-security graphs alongside your other monitored assets. Source: Wiz blog.

The 30-minute IT admin setup

You won’t enable all 28 in one sitting. Pick the three or four your org already pays for, do those first, layer in the rest over the next quarter. Total wall-clock time to get the foundational plumbing in place is about 30 minutes for the Compliance API itself, plus 5-10 minutes per partner connector.

Step 1: Enable the Compliance API in Claude (5 min)

You need to be the Primary Owner of the Claude Enterprise organization. Not an admin — the Primary Owner. If you’re not, ask for delegation, because nobody else can flip this switch.

  1. Sign in to claude.ai as the Primary Owner.
  2. Open Organization settings in the admin interface.
  3. Navigate to Data and privacy.
  4. Under Compliance API, click Enable. (This is genuinely off by default. Anthropic does not turn this on for you.)
  5. Click + Create key to generate a Compliance Access Key.
  6. Copy the key into your secret-management system immediately — same hygiene as a root API key. Vault, 1Password Teams, AWS Secrets Manager, whatever your org uses.

The Compliance Access Key is the high-trust credential. It can reach every endpoint under https://api.anthropic.com/v1/compliance/* — including conversation content. If you need a key that only sees activity events (much narrower blast radius), use an Admin API key with the read:compliance_activities scope instead. For most SIEM/CASB connectors, the scoped Admin API key is enough. For Wiz and Cyera, which want to ingest content for DLP context, you need the full Compliance Access Key.

This is the single decision that matters most in this whole setup. Document which partners get which key type, and rotate both on a 90-day cadence. The Compliance API docs are at platform.claude.com — bookmark them; you’ll come back.

Step 2: Okta ISPM connector (5 min)

Okta announced their integration alongside Anthropic on May 20. Okta Identity Security Posture Management treats Claude as a monitored SaaS app — same posture-management surface as Salesforce, Workday, or any other identity-connected app.

In the Okta ISPM console:

  1. Go to Apps → Add monitored application → Anthropic Claude.
  2. Paste the Compliance Access Key (or scoped Admin API key with read:compliance_activities).
  3. Configure ISPM checks: dormant accounts, admin-API-key staleness, over-privileged admins, missing key rotation.
  4. Turn on the recommended policies so ISPM raises alerts when it finds dormant admins or stale keys.

What you get: ISPM dashboards now include Claude alongside your other monitored SaaS. The check that pays off most often: dormant Claude admin accounts that left the company three quarters ago and still have admin scope. Run that one this week.

Step 3: Wiz Security Graph (10 min)

Wiz published their integration as a separate partner-blog post — “Claude Enterprise Meets the Security Graph.” The connector pulls Claude Enterprise entities (orgs, projects, users, groups, permissions) and activity events into Wiz’s Security Graph. The graph is the part that matters: Wiz can now correlate Claude usage with cloud workloads, IAM principals, and data classifications.

In the Wiz UI:

  1. Integrations → New data source → Anthropic Claude (Claude Compliance API connector).
  2. Paste the Compliance Access Key plus the Claude org identifier.
  3. Choose which entities to ingest: orgs, projects, users, groups, permissions, activity events.
  4. Enable Wiz’s pre-built Claude policies for DLP/exposure risk.

If you already use Wiz for cloud security posture and your team has built custom queries against the graph, the Claude entities will show up in those queries with no extra work. That’s the practical win — anything you’ve already automated against “any SaaS in the graph” now covers Claude too.

Wiz security graph visualization with Wiz and Claude logos paired against a blue background — the Wiz/Anthropic partnership graphic on the announcement page The Wiz/Claude partnership graphic that headlines the integration: Claude entities now flow into the Wiz Security Graph alongside cloud workloads and IAM principals. Source: Wiz blog.

Step 4: CrowdStrike Falcon (5 min)

CrowdStrike Falcon ingests Claude activity via the Compliance API and correlates it with endpoint, identity, and cloud telemetry inside the Falcon console. The detection content team at CrowdStrike publishes baseline rules; you can start with those and tune later.

In the Falcon console:

  1. Add Anthropic Claude as a new log source via the Compliance API connector.
  2. Authenticate with the scoped Admin API key (read:compliance_activities is enough).
  3. Map Claude activity fields — user, org, project, action, IP, timestamp — into Falcon’s schema.
  4. Enable the baseline detection content from CrowdStrike for “Anomalous Claude activity,” then layer your own rules on top.

The use case that earns its keep here: detecting Claude API key abuse by a compromised laptop. Falcon already correlates endpoint signals with identity events; adding the Claude activity stream means a phished credential that someone uses to bulk-download project files shows up in the same alert pane as the endpoint compromise.

Step 5: Cloudflare CASB (5 min)

Cloudflare’s CASB integration is the easiest one to enable if you already use Cloudflare for Zero Trust. No endpoint agent, no inline traffic inspection — just API polling.

In the Cloudflare Zero Trust dashboard:

  1. CASB → Integrations → Cloud & SaaS → Add → Anthropic Claude.
  2. Enter the Compliance Access Key (Cloudflare uses the activity-feed endpoint, so the scoped Admin API key works fine).
  3. Configure DLP profiles for Claude — file uploads, project shares, admin changes.
  4. Set the polling cadence (5-15 minutes is standard for activity-feed integrations).

The standout use: file-upload DLP. If someone uploads a customer list to Claude that they shouldn’t have, Cloudflare CASB now sees that event and can fire a DLP policy without needing to inspect the actual upload (the activity event includes file metadata, which is usually enough for the policy decision).

Step 6: Datadog (5 min)

Datadog ingests Claude Compliance API data either directly through a log integration or via Cribl as a routing layer. The direct path is simpler if you’re under 50,000 Claude events/day.

In Datadog:

  1. Integrations → Logs → Add custom log source → Anthropic Claude Compliance API.
  2. Store the Compliance Access Key as a Datadog secret.
  3. Configure the pull to hit https://api.anthropic.com/v1/compliance/activities on a 5-minute cadence.
  4. Normalize incoming events with tags source:claude, compliance:true, plus your usual env and service tags.
  5. Build monitors for spikes in Claude usage by user, bulk file exports, admin-action bursts.

The Datadog pattern is the most flexible because you can layer the same monitors you’ve built for any other audited system. The Compliance API output is normalized JSON; Datadog’s log pipeline normalizes it further; your existing on-call rotation gets paged the same way they get paged for everything else.

What this means for you

The “30-minute setup” framing only fits if you already operate the relevant security stack. Below is the decision tree by org shape — pick the row that describes you.

If you’re at a 200-person SaaS company with Okta + Datadog + a Cloudflare contract: start with Okta ISPM (Step 2), then Cloudflare CASB (Step 5), then Datadog (Step 6). You’ll be done in 25 minutes. The remaining 23 connectors are noise for your stack — ignore them until your security team explicitly asks.

If you’re at a 2,000-person F500 with Wiz + CrowdStrike + Microsoft Purview + Zscaler: start with Wiz (the graph view of Claude usage against your cloud assets is the highest-leverage starting point), then CrowdStrike for endpoint correlation, then Zscaler for inline DLP. Add Purview only after you’ve talked to the records management team about retention policy for Claude conversations.

If you’re at a regulated entity (financial services, healthcare, public sector): the records-and-eDiscovery cluster matters most — Smarsh, Theta Lake, Relativity, Mimecast. These are the ones the auditor will ask for proof of when they show up in two quarters. Enable the Compliance Access Key for those before the SIEM connectors. Note that Public Sector Claude Enterprise has slightly different availability for the Compliance API — confirm with your Anthropic AE before assuming it’s the same SKU.

If you’re at a 30-person startup on Claude Team (not Enterprise): you don’t have access to the Compliance API yet. The Team plan starts around $25/seat/month with a 5-seat minimum but doesn’t include the Compliance API, SCIM, or audit logs at the same fidelity as Enterprise. Anthropic’s published positioning is that Enterprise is “Contact sales” with custom terms; community-sourced data on observed Enterprise deals points to a seat-fee floor around $60/seat/month, a 70-seat minimum, and 12-month commitment — meaning the floor for Enterprise is roughly $50K-$60K annual commit. If you’re below that scale, what you actually want this week is to wait until your usage justifies the move, not to force the upgrade.

If you’re an MSP or consultancy advising someone else: the Okta ISPM + Wiz pair is the cleanest “we covered AI governance” story to walk a client through. Both connectors produce dashboards the client’s CISO can present to the board. Start with those two and the conversation writes itself.

What this can’t fix

Five things that will trip you up if you assume the 28-integration drop solves everything:

  1. Public Sector Claude Enterprise availability. Anthropic’s docs note the Compliance API is generally available “except Public Sector” at launch. Federal and state-government Claude tenants need to confirm timing with their AE — don’t assume the same SKU.

  2. Conversation-content access is gated by key type. A scoped Admin API key with read:compliance_activities covers activity events. It does NOT cover chats, uploaded files, or projects. Wiz and Cyera (which want content for DLP context) need the full Compliance Access Key — which has broader blast radius. Plan your secret-rotation cadence accordingly. 90 days is the floor; 30 days is better for the full-content key.

  3. The 28 integrations are launched, not all GA-equal. Some partners (Wiz, Okta, Cloudflare, CrowdStrike) shipped polished UIs from day one. Others are in technical preview with documentation that’s still being filled in. Always check the partner’s own announcement post for the actual GA-readiness signal, not Anthropic’s press release.

  4. You still need a written AI usage policy. The integrations enforce policy you have; they don’t author it for you. The most common gap right now: no policy on what data classifications can be uploaded to Claude. Write a one-page policy this week before you rely on DLP rules. The IT-admin and the policy-author are often different people; if you’re the IT-admin, send the link to whoever owns acceptable-use policy at your org.

  5. Compliance API rate limits are real. All endpoints under /v1/compliance/* share rate limits. If you have ten partners polling the same API every five minutes, you’ll hit ceiling. Use Cribl or another routing layer to fan-out one poll to multiple downstream consumers, or stagger your partner integrations on different intervals.

The bottom line

Last Monday changed the answer to the question every CISO has been asking since Claude rolled into the building: “How do I see what people are doing with this?” Now there’s an API for that, and 28 partners that already speak it. The IT-admin job for this week is to flip the switch (5 minutes), pick the three partners that match your stack (15 minutes total), and document the key-rotation schedule (10 minutes). Forty minutes of focused work covers most of what the next two quarters of AI-governance audits will ask for.

If your team is just standing up Claude Enterprise for the first time and wants the full rollout playbook — license sizing, role design, data-classification policy, audit-trail design — the Enterprise AI Rollout Playbook course walks the whole arc. For the day-to-day “what does my org actually do with Claude” side, the Claude Cowork Essentials course is the practitioner-facing piece you can hand to the team after the IT plumbing is in.

Sources

Build Real AI Skills

Step-by-step courses with quizzes and certificates for your resume