Agent identity: A new access model for Claude Tag

@Claude joins your Slack channels as a teammate that picks up the thread, does the work, and reports back when it's done. To keep that safe across autonomous, multiplayer sessions, it acts under its own identity instead of borrowing yours: scoped to each space, governed by admins, fully auditable. Here's how the model is built and why. Learn more: https://claude.com/docs/claude-tag/concepts/agent-identity Read the launch announcement: https://anthropic.com/news/introducing-claude-tag

Jun 23, 20264mWatch on YouTube ↗

CHAPTERS

Why “act as a user” breaks in multi-person agent channels
Noah frames the core permissioning problem: once an agent is in a channel with multiple people (and even automated alerts), there may be no single “requesting user” to anchor access decisions. Traditional models like “use the last person’s permissions” become confusing and unsafe.
Claude Tag’s solution: the agent acts as itself (separate identity)
Claude Tag is designed so Claude operates under its own identity, using its own accounts/service keys in connected systems. This makes access predictable for users and easier to reason about for security teams.
Admin UI overview: scopes for workspace and specific channels
Noah walks through the Claude Tag admin UI showing two scopes: a general workspace scope and a private channel scope for the data team. Initially, neither scope has any access attached, meaning Claude cannot connect to external systems yet.
Defining “workspace baseline” access as the common denominator
He explains the concept of default workspace access: what Claude can do anywhere in the Slack workspace. This baseline should match the level of access you’d be comfortable with any workspace member effectively benefiting from.
Creating an access bundle: packaged permissions + behavior
Noah introduces “access bundles” as named sets of connections, repository access, skills, and standing instructions. He creates a bundle called “General Tooling” intended for broad workspace usage.
Using agent-owned credentials (not personal credentials)
A key step is pasting credentials that belong to Claude (the agent) rather than an individual teammate. The agent account is scoped on the provider side to exactly what Claude should be able to read, then tested for validity.
Attaching the bundle to workspace: inheritance across all channels
Noah attaches the “General Tooling” access bundle to the workspace scope, which grants Claude that baseline access everywhere. All channels inherit the workspace access, making behavior consistent regardless of where Claude is tagged.
Channel step-up: granting sensitive access only to a private team channel
For the data team’s private channel, he creates a second access bundle with read access to the data warehouse and assigns it only to that channel. The channel becomes the boundary: the warehouse credential exists only there and nowhere else.
DMs as the boundary for truly personal or need-to-know tools
Noah distinguishes between shared workspace/channel access and personal access. For highly sensitive or personal tools (e.g., recruiting or people data), the recommendation is to use a DM where Claude runs under the user’s own Claude AI account and credentials.
The full agent identity model: baseline, step-ups, and personal space
He summarizes the model that powers Claude Tag: a workspace-wide common denominator baseline, channel-specific step-ups for teams, and DMs for personal access. This enables a whole channel to steer the same Claude without shifting permissions or leaking personal credentials.
Wrap-up: set it up once, benefit across the team
Noah closes by reinforcing the operational advantage: configure access once and the whole team can reliably use Claude Tag. He invites teams to try it and share how they’re tagging Claude in their workflows.