Anthropic · Anthropic Sub-Processors · View original document ↗

WorkOS as SSO and Security Subprocessor

Low severity High confidence Explicitdocumentlanguage Unique · 0 of 352 platforms
Share 𝕏 Share in Share 🔒 PDF
Recent governance activity Anthropic recorded 2 documented changes in the last 30 days.
Start monitoring updates
Monitor governance changes for Anthropic Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

WorkOS, located in the United States, is listed as the subprocessor responsible for security and single sign-on (SSO) functionality for Claude for Work and the Claude Developer Platform, meaning authentication and identity data for enterprise and developer users is processed by WorkOS.

This analysis describes what Anthropic's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

This provision discloses that authentication credentials and identity data for enterprise (Claude for Work) and developer platform users are processed by a US-based third party, which is relevant to organizations with identity governance, access management, and cross-border data transfer compliance obligations.

Consumer impact (what this means for users)

This provision establishes that authentication and single sign-on data for Claude for Work and Claude Developer Platform users is processed by WorkOS in the United States, with additional information available at the linked Anthropic support article on enterprise SSO setup.

Cross-platform context

See how other platforms handle WorkOS as SSO and Security Subprocessor and similar clauses.

Compare across platforms →

Monitoring

Anthropic has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Get Monitor Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
WorkOS | Security, Single Sign-On | United States | Products: Claude for Work, Claude Developer Platform.

— Excerpt from Anthropic's Anthropic Sub-Processors

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

1) REGULATORY LANDSCAPE: Authentication and identity data processed by WorkOS engages GDPR principles of data minimization and purpose limitation for EU/EEA enterprise users, as well as GDPR Chapter V international transfer requirements for US-based processing. For enterprises subject to SOC 2 or ISO 27001 auditing, SSO subprocessor relationships are typically within scope for third-party vendor risk reviews. The FTC has general jurisdiction over deceptive or unfair practices related to identity and authentication data handling. 2) GOVERNANCE EXPOSURE: Medium. SSO and identity data is sensitive from an access management perspective. Enterprise customers integrating WorkOS-powered SSO should assess whether WorkOS is named in Anthropic's DPA and whether WorkOS's own security certifications (SOC 2, ISO 27001) meet organizational vendor requirements. 3) JURISDICTION FLAGS: EU/EEA enterprise customers face GDPR Chapter V transfer obligations for identity data processed by WorkOS in the US. Organizations subject to HIPAA that use Claude for Work with SSO should assess whether identity data handling by WorkOS requires a Business Associate Agreement. Illinois BIPA applicability is unlikely but should be assessed if biometric authentication is ever enabled. 4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise procurement and security teams should independently review WorkOS's security posture, certifications, and DPA. The Anthropic support article linked in the document (https://support.anthropic.com/en/articles/9797544-setting-up-single-sign-on-on-the-enterprise-plan) provides additional configuration information. Teams should confirm whether their enterprise DPA with Anthropic covers WorkOS as an authorized subprocessor. 5) COMPLIANCE CONSIDERATIONS: Identity governance teams should update vendor inventories to include WorkOS as a processor of authentication data. EU enterprise customers should confirm SCCs or equivalent transfer mechanisms are in place. Access management reviews should include WorkOS as a component of the overall Claude for Work authentication chain.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 3 platforms — free Get Monitor

Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • FTC
    The FTC has jurisdiction over identity and authentication data handling practices as part of consumer protection and data security enforcement
    File a complaint →

Provision details

Document information
Document
Anthropic Sub-Processors
Entity
Anthropic
Document last updated
July 6, 2026
Tracking information
First tracked
July 6, 2026
Last verified
July 6, 2026
Record ID
CA-P-013415
Document ID
CA-D-00927
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
1cc5667b58da54142dfd2d16cbb4fa5e2bf2ad8b1fd33563343082f35c47faee
Analysis generated
July 6, 2026 22:55 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: Anthropic
Document: Anthropic Sub-Processors
Record ID: CA-P-013415
Captured: 2026-07-06 22:55:47 UTC
SHA-256: 1cc5667b58da5414…
URL: https://conductatlas.com/platform/anthropic/anthropic-sub-processors/workos-as-sso-and-security-subprocessor/
Accessed: July 7, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Low
Categories

Other risks in this policy

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Get Compliance

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Anthropic's WorkOS as SSO and Security Subprocessor clause do?

This provision discloses that authentication credentials and identity data for enterprise (Claude for Work) and developer platform users are processed by a US-based third party, which is relevant to organizations with identity governance, access management, and cross-border data transfer compliance obligations.

How does this clause affect you?

This provision establishes that authentication and single sign-on data for Claude for Work and Claude Developer Platform users is processed by WorkOS in the United States, with additional information available at the linked Anthropic support article on enterprise SSO setup.

Is ConductAtlas affiliated with Anthropic?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Anthropic.