Agent identity: A new access model for Claude Tag

@Claude joins your Slack channels as a teammate that picks up the thread, does the work, and reports back when it's done. To keep that safe across autonomous, multiplayer sessions, it acts under its own identity instead of borrowing yours: scoped to each space, governed by admins, fully auditable. Here's how the model is built and why. Learn more: https://claude.com/docs/claude-tag/concepts/agent-identity Read the launch announcement: https://anthropic.com/news/introducing-claude-tag

Jun 23, 20264mWatch on YouTube ↗

WHAT IT’S REALLY ABOUT

Claude Tag’s agent identity enables predictable, auditable teamwide permissions management

Claude Tag replaces the confusing “act as the user” permission model with an agent identity that has its own accounts and service keys.
Admins grant access through scoped “access bundles” so Claude’s capabilities are predictable and do not change depending on who tagged it.
A workspace-level baseline provides the common-denominator access that every channel inherits by default.
Sensitive tools are handled via channel-specific step-ups, while truly personal or need-to-know access is kept in DMs using each user’s own credentials.
The setup emphasizes auditability and security-team clarity by making Claude’s reachable systems explicit per scope boundary.

IDEAS WORTH REMEMBERING

5 ideas

Multi-user collaboration requires a stable permission identity.

In a channel with many people (or with automated alerts), there may be no single “requesting user,” so Claude Tag avoids ambiguous permission inheritance by having Claude act as itself.

Claude’s access is provisioned via admin-controlled scopes, not by who asks.

What Claude can reach in a channel stays constant regardless of who tags it, making behavior predictable for teammates and easier to reason about for security reviews.

Use a workspace baseline for tools everyone can safely access.

The workspace scope is the “common denominator” access—what you’d be comfortable with any workspace member effectively having—because every channel inherits it.

Access bundles are the unit of reusable, auditable permission configuration.

An access bundle groups connections (credentials), repository access, skills, and standing instructions, and can be attached to a workspace or a specific channel.

Provision credentials as agent-owned accounts, not personal logins.

Credentials pasted into bundles should belong to Claude (service accounts/keys) and be scoped at the provider to exactly what Claude should read or do.

WORDS WORTH SAVING

5 quotes

When you put Claude in a channel with five people, act as a user stops making sense.

— Noah

So for Claude Tag, we had to rebuild the concept of agent permissioning for a product where agents collaborate proactively across multiple teammates.

— Noah

To do this, we decided that Claude should act as itself.

— Noah

What it can reach in a channel never changes based on who asked. It's predictable for users and legible for security teams.

— Noah

In the channel, think about Claude as a general teammate. In a DM, it's your personal assistant with all of your own tools.

— Noah

Why “act as user” breaks in multi-user agent contextsAgent identity with dedicated service accounts/keysWorkspace scope as baseline accessAccess bundles (connections, repo access, skills, instructions)Channel-level step-up permissions for sensitive systemsDM mode using personal credentialsPredictability and auditability for security teams

High quality AI-generated summary created from speaker-labeled transcript.

Get more out of YouTube videos.

High quality summaries for YouTube videos. Accurate transcripts to search & find moments. Powered by ChatGPT & Claude AI.