Connect your Anthropic organization to Capsule Security through Anthropic's Compliance API for visibility into your members, activity, and Claude conversations.
This integration reads your organization's data from Anthropic's Compliance API for audit and governance:
- Members — Users across your linked organizations (email, name, and organization role), surfaced as agent owners
- Activity Feed — The organization's audit events (sign-ins, key changes, chat and project lifecycle, and more), surfaced as an audit trail
- Conversations — Claude.ai chats and their messages, surfaced as sessions in Observability
The integration is read-only — it never modifies your Anthropic configuration or deletes content. Each user's Claude activity is grouped under a per-user agent (Claude Enterprise/<email>) so members, activity, and conversations line up against a single owner.
Before you begin, ensure you have:
- An active Claude Enterprise plan
- The Compliance API enabled for your organization — the parent organization's primary owner enables it in claude.ai
- Primary owner access in claude.ai, required to create a Compliance Access Key
- A Capsule Security account with admin access
Note: This integration requires a Compliance Access Key (
sk-ant-api01-...) created in claude.ai — not a Console Admin key (sk-ant-admin-...) or a standard model API key (sk-ant-api03-...). Only a Compliance Access Key can read the activity feed, directory, and conversation content.
Create a Compliance Access Key in claude.ai. This is the credential Capsule uses to read your organization's compliance data.
Confirm you are signed in as the organization's primary owner — only the primary owner can create a Compliance Access Key
Click Create key and give it a descriptive name (e.g., "Capsule Security Integration")
Grant the compliance read scopes so Capsule can read the activity feed, directory, and conversations:
read:compliance_activities— the Activity Feedread:compliance_user_data— users, chats, and messagesread:compliance_org_data— organizations, roles, and groups
Important: Copy and save the key immediately — it begins with
sk-ant-api01-...and is shown only once
- Scopes are fixed when the key is created — to change them, create a new key and delete the old one
- Store the key in a password manager or secret store; never share it in email, chat, or source control
- The key grants read access to conversation content — treat it as a privileged credential
- To rotate it, create a new key, reconnect the integration in Capsule, then delete the old key in claude.ai
Capsule binds the integration to your parent organization, identified by its UUID.
In claude.ai, open your organization settings
Copy the Organization ID — it is a UUID in the format
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
91012d09-e48b-438e-a489-1bebfd8fa6f9Note: The Organization ID must be a valid UUID. If you paste a name or slug instead, Capsule rejects it with "Invalid Organization ID format (must be UUID)."
Once you have your Compliance Access Key and Organization ID, set up the integration in the portal.
Log in to the Capsule Security portal
Click Integrations in the left sidebar
Find the Claude Enterprise Compliance API card and click Set up Integration
- The card displays a 3-step wizard. Step 1 links to the claude.ai API access page and Step 2 to your organization settings; Step 3 collects your credentials:
- Compliance Access Key — paste the full key from Step 1 (starts with
sk-ant-api01-...) - Organization ID — paste the UUID from Step 2
- Compliance Access Key — paste the full key from Step 1 (starts with
Capsule validates the credentials live as you type. When both fields are valid you'll see Connection successful
Click Save
- Capsule validates the credentials and creates a Claude Enterprise Compliance API environment scoped to your organization
- Your access key is encrypted and stored in Capsule's secret store — it is never displayed again
- Capsule syncs incrementally: members and the activity feed populate first, followed by Claude conversations. View members and activity under Inventory, and conversations under Observability → Activity Type — Session
| Compliance API source | Appears in Capsule as |
|---|---|
| Organization members (directory) | Owners on the per-user Claude Enterprise/<email> agent |
| Activity Feed events | Audit entries on the acting user's agent |
| Claude.ai chats and messages | Sessions in Observability, with user / assistant messages |
Syncs are incremental and checkpointed — each run fetches only what changed since the last run, with overlap and de-duplication so no events are missed or double-counted.
If the connection test fails, the portal shows a specific message:
| Message | Cause | Fix |
|---|---|---|
| Compliance Access Key is required | The key field is empty | Paste the full sk-ant-api01-... key from Step 1 |
| Organization ID is required | The Organization ID field is empty | Paste the organization UUID from Step 2 |
| Invalid Organization ID format (must be UUID) | The value isn't a UUID | Copy the UUID exactly from your claude.ai organization settings |
| API key invalid or revoked | The key is wrong, deleted, or revoked (401) | Create a fresh Compliance Access Key and reconnect |
| Key lacks the required compliance scopes, or wrong key type | The key is missing a read scope, or it's an Admin / model key (403) | Use a Compliance Access Key (sk-ant-api01-...) with the read scopes from Step 1 |
| Organization or resource not found | The organization isn't reachable by this key (404) | Confirm the UUID is your parent organization and the key belongs to it |
| Rate limited — try again shortly | Anthropic's compliance rate limit was hit (429) | Wait and retry; Capsule paces and retries automatically |
Use the retry button next to the Organization ID field to re-run the connection test after correcting a value.
Capsule calls Anthropic's Compliance API under https://api.anthropic.com/v1/compliance/*, authenticating with the x-api-key header. It reads:
GET /v1/compliance/organizationsand/organizations/{org_uuid}/users— the org tree and membersGET /v1/compliance/activities— the audit activity feed (incremental, bycreated_at)GET /v1/compliance/apps/chatsand/apps/chats/{chat_id}/messages— Claude conversations and their messages
All /v1/compliance/* endpoints share a single rate limit of 600 requests per minute per parent organization. Capsule paces requests within that budget, honors Retry-After on 429, retries transient 5xx, and never retries 4xx. Sync state (checkpoints) is persisted per environment so runs resume where they left off.
Your access key is held in an encrypted secret store, scoped to your tenant and organization, and is used only to read the endpoints above.
For help with this integration:
- Email: support@capsule.security
- Include: Your tenant ID, your Anthropic Organization ID, and any error message shown in the connection test