← 14.415.2 →
1212 words Slides

15.1 Enterprise Overview

Course: Claude Code - Enterprise Development Section: 15 - Enterprise Deployment Video Length: 3-4 minutes Presenter: Daniel Treasure

Opening Hook

"Enterprise development is where Claude Code moves from your laptop to your team's infrastructure. Today, we're mapping out how to deploy at scale: centralized deployments, team-based governance, and integrated workflows with your existing systems."

Key Talking Points

1. Enterprise Deployment Models

What to say: - "Claude Code supports three deployment architectures: centralized (single admin point), team-based (distributed with governance), and hybrid (best of both)." - "Centralized works for regulated environments—one source of truth, one audit trail. Team-based scales when you have multiple teams managing their own instances. Hybrid lets teams self-serve while maintaining corporate standards." - "The model you choose depends on your org's size, compliance needs, and how much autonomy you want teams to have."

What to show on screen: - Diagram/visual showing the three models side-by-side - Simple flow: Admin → Team → Individual deployment - Annotation: governance scope for each model

2. Integration with CI/CD & Source Control

What to say: - "Claude Code lives inside your development pipeline. It integrates with GitHub, GitLab—wherever your source truth lives." - "You can trigger Claude Code agents from your CI/CD workflows to code-review, automate testing, generate documentation, even security scanning." - "The key is that Claude Code reads and writes to the same repos your engineers use daily."

What to show on screen: - GitHub Actions → Claude Code trigger example (screenshot or diagram) - Pipeline showing: Push → CI/CD → Claude Code Agent → Result back to repo - Brief look at how headless mode fits in (introduced in Section 14.3)

3. Knowledge Base Integration

What to say: - "Every enterprise has institutional knowledge scattered across docs, Slack, wikis, Jira. Claude Code can pull from all of it." - "When you connect knowledge bases—Notion, Confluence, internal docs—your agents have context. They understand your architecture patterns, coding standards, and past decisions." - "No more 'where's the API docs?' when Claude Code is building the integration."

What to show on screen: - MCP server flow diagram (brief callback to Section 12.1) - Example: Knowledge base MCP → Claude Code - Show a managed-mcp.json snippet (will expand in later videos)

4. Centralized IAM, Scoped Permissions & Audit Logging

What to say: - "The foundation of enterprise control is identity. Every agent, every user, every service needs a verified identity." - "Scoped permissions mean an agent working on the backend can't accidentally access HR systems. Role-based access control (RBAC) locks everything down." - "Every action—every file read, every tool call, every API hit—is logged. Compliance teams sleep better when they know exactly what happened and when."

What to show on screen: - Identity pyramid: Enterprise Provider (SSO) → Teams → Scoped Roles → Audit Log - Example permission scope: "Backend Team" → "Production Environment" → "read:repo + write:tests only" - Sample audit log entry: timestamp, user, action, resource, result

5. Scalability & Governance

What to say: - "Governance isn't just compliance—it's consistency. You want every team using the same models, the same plugins, the same standards." - "Version-controlled configs mean 'the new plugin version rolls out Wednesday' instead of 'it broke production Tuesday.'" - "Standardized agents reduce training load and security surface. Everyone's using the vetted toolset, not downloading random extensions."

What to show on screen: - Managed config structure: centralized policy repo - Example: plugin allowlist, model version pinning - Org-wide rollout workflow: config change → staging validation → production deployment

Demo Plan

Setup (30 seconds)

  1. Open terminal
  2. Show current Claude Code installation: claude --version
  3. Mention: "In enterprise mode, this comes from your org's installation, not a personal install"

Step 1: Show Deployment Architecture (60 seconds)

  1. Open a text editor or presentation slide with deployment models
  2. Walk through: centralized (single admin), team-based (distributed), hybrid
  3. Click through to show a sample managed-mcp.json file (minimal example)
  4. Point out: "This one file controls what all 200 engineers can access"

Step 2: CI/CD Integration Point (60 seconds)

  1. Navigate to a sample GitHub Actions workflow file (.github/workflows/claude-code-review.yml)
  2. Highlight the trigger: on: pull_request
  3. Show the step that calls Claude Code in headless mode
  4. Explain: "When someone pushes, the bot reviews. Results auto-comment on the PR."
  5. (Don't run—just show the config)

Step 3: Identity & Scope Example (60 seconds)

  1. Show a mock .env or config file with role definitions
  2. Example lines: CLAUDE_CODE_ROLE=backend-engineer CLAUDE_CODE_ENVIRONMENT=production CLAUDE_CODE_PERMISSIONS=read:repo,write:tests,call:approved-tools
  3. Point out: "Same person, different role, different access. Developer in backend team? Can't touch frontend assets."

Wrap-up (30 seconds)

  • Recap: "Enterprise Claude Code is about control, consistency, and compliance."
  • Preview: "Next video, we'll dive into the cloud providers—where your agents actually run."

Code Examples & Commands

Check current installation mode

claude --version
# In enterprise: would show org config timestamp & managed status

Sample managed-mcp.json structure

{
  "mcpServers": {
    "github": {
      "command": "node",
      "args": ["github-mcp-server.js"],
      "env": {
        "GITHUB_TOKEN": "${GITHUB_ORG_TOKEN}"
      }
    }
  },
  "allowedModels": [
    "claude-opus-4-6",
    "claude-sonnet-4-1"
  ],
  "deniedModels": ["claude-haiku"],
  "strictKnownMarketplaces": true,
  "disableBypassPermissionsMode": true
}

Sample environment scoping

# For a backend engineer in prod-critical team
export CLAUDE_CODE_ROLE=prod-backend-engineer
export CLAUDE_CODE_TEAM=infrastructure
export CLAUDE_CODE_ENVIRONMENT=production
export CLAUDE_CODE_PERMISSIONS_SCOPE=repo:read,tests:write,deploy:none

Gotchas & Tips

Gotcha: "Agents inherit permissions, not exceed them" - If the user running Claude Code has only read access to a repo, the agent can't write even if the config allows it. - The intersection of user + agent + org permissions all apply.

Tip: "Start with team-based, move to centralized" - Easier to maintain governance across teams than to fragment it later. - Teams can still customize tools and models within org policy.

Gotcha: "Audit logs grow fast" - Expect 10KB–1MB per session depending on verbosity and number of tool calls. - Plan storage for compliance retention (often 3–7 years).

Tip: "Version your managed configs in git" - Treat managed-mcp.json like infrastructure code: PR review, change log, rollback plan.

Lead-out

"You've now got the 30,000-foot view of enterprise Claude Code. In the next video, we're descending into the cloud—picking your provider, configuring credentials, and getting your agents running securely on AWS Bedrock, Google Vertex AI, or Azure Foundry. See you there."

Reference URLs

  • Claude Code Enterprise Docs: https://docs.anthropic.com/claude-code/enterprise
  • Managed Configuration Guide: https://docs.anthropic.com/claude-code/managed-configuration
  • MCP Servers Overview: https://docs.anthropic.com/en/docs/integrations/mcp/implementations
  • Audit Logging Best Practices: https://docs.anthropic.com/claude-code/audit-logging

Prep Reading

  • Anthropic: Enterprise deployment fundamentals (internal docs)
  • NIST: Role-based access control (RBAC) overview
  • Your org: deployment policy, compliance requirements, infrastructure standards

Notes for Daniel

  • Keep energy high—enterprise sounds boring, but this is where Claude Code becomes transformational. A single agent automating code review for 200 engineers is powerful.
  • Use your org's own examples if possible. "Here's how our infrastructure team uses this..." resonates more than generic examples.
  • Don't oversell security. Just be factual: logs exist, permissions work, compliance is possible.
  • Pause after "standardized agents" to let that sink in—lots of teams waste cycles maintaining custom tools that should be org-wide.
  • The demo should feel lightweight and visual; you're setting expectations, not diving into config hell yet.