Claude Training Plan
This plan turns the Adoption & Governance Guide into four concrete trainings plus the trainer guidance and checklists to deliver them consistently.
Didactic idea (all trainings): value first, limits and risks second, practical examples over product theory, clear takeaways at the end, concrete next steps for daily work. Rules of thumb: max 4โ5 key points per slide, one practical example per topic block, never name a risk without an action, never demo a feature without its governance context.
Training matrixโ
| # | Training | Audience | Duration | Core message |
|---|---|---|---|---|
| 1 | Using Claude safely in the company | All employees | 20โ25 min | A useful tool, never a replacement for responsibility |
| 2 | Setting up Claude for teams | Team leads, owners, multipliers | 25โ30 min | Teams need structure, not just access |
| 3 | Claude Code & Cowork safely | IT, Dev, Security, Digital Office, power users | 25โ30 min | Powerful functions need stronger control |
| 4 | Configuring Claude Enterprise as admin | IT admins, IAM, Security, platform owners | ~30 min | Identity and roles before features; test before you enforce |
A shared closing slide for trainings 1โ3: Claude is a work tool; security and data protection always apply; standards make teams productive; agentic functions need special control; results stay a human responsibility.
Schulung 1 โ Using Claude safely in the companyโ
Audience: all employees ยท Duration: 20โ25 min ยท Goal: understand safe, productive basic use.
Core message: Claude is a useful work tool, but no substitute for responsibility. Only approved data, only through the company access, always check results.
Learning objectives โ after the training, participants can:
- name typical allowed uses,
- recognize disallowed uses,
- apply the data traffic light,
- recite the five everyday rules.
Outline:
- Intro & value โ drafts, summaries, routine work
- Rules & limits โ allowed, not allowed, the traffic light
- Practical examples โ Sales, Marketing, Support, Management
- Close & takeaways โ 5 rules, check before use, contacts
Participant checklist:
[ ] I use Claude only through the company access
[ ] I never enter passwords, tokens, or secrets
[ ] I check the data class before entering anything
[ ] I use only approved extensions and sources
[ ] I check results before using or forwarding them
[ ] I ask when I am unsure
Closing question: Which one mistake will you avoid with Claude from tomorrow?
This training maps directly to the Onboarding page โ hand it out as the follow-up.
Schulung 2 โ Setting up Claude for teamsโ
Audience: team leads, business owners, multipliers ยท Duration: 25โ30 min ยท Goal: set up team use in a structured way.
Core message: Teams need structure, not just access. Projects, Skills, and clear owners make Claude reproducible and scalable.
Learning objectives โ participants can:
- distinguish Projects, Skills, Connectors, Plugins, Artifacts,
- define a small team pilot,
- name governance roles for their team.
Outline:
- Why team structure matters โ avoid sprawl, create standards
- The building blocks โ Projects, Skills, Connectors, Plugins, Artifacts
- Team examples โ Sales, IT, Marketing, Management, Support
- Governance & best practices โ owners, reviews, versioning, start small
How a team should start: 1โ2 clear use cases โ one Project per topic โ 1โ3 Skills โ only necessary Connectors โ name an owner for each Project and Skill.
Participant checklist:
[ ] We defined 1โ2 pilot use cases
[ ] We created a fitting Project
[ ] We identified 1โ3 sensible Skills
[ ] Every Project and Skill has an owner
[ ] Connectors are used only on real need
[ ] Results are reviewed
[ ] Standards and versions are documented
Closing question: Which Project and which Skill should your team start with?
Schulung 3 โ Claude Code & Cowork safelyโ
Audience: IT, Development, Security, Digital Office, power users ยท Duration: 25โ30 min ยท Goal: introduce agentic functions safely.
Core message: Claude Code and Cowork are strong, but only safe with clear boundaries. Limit rights, secure environments, check results.
Learning objectives โ participants:
- understand the Claude Code security model,
- know Cowork risks and approval limits,
- recognize plugins, MCPs, and connectors as a governance topic.
Outline:
- Understanding Claude Code โ agentic dev support, rights, approvals
- Security rules for Claude Code โ review, secrets, repos, sandbox, MCPs
- Understanding Cowork โ files, folders, deliverables, plugins
- Operating model & risks โ pilot, permissions, approvals, reviews
The five security rules for Claude Code:
- No merge without human review
- No secrets in the prompt or context
- Only approved repositories
- Prefer dev containers / sandbox
- Only trusted MCPs and plugins
Participant checklist:
[ ] Claude Code is used only in approved repositories
[ ] Narrow rights are the default
[ ] No merge happens without review
[ ] Secrets are never entered
[ ] Sandbox or isolated environment is preferred
[ ] Only trusted MCPs and plugins are used
[ ] Cowork works only with approved folders and sources
[ ] Cowork results are reviewed
[ ] A pilot runs before broad rollout
Trainer note: present Cowork as a governance-relevant agentic mode, not a normal chat feature; state clearly that Cowork can be unsuitable for regulated workloads. Closing question: Which technical limit matters most for your safe start?
Schulung 4 โ Configuring Claude Enterprise as adminโ
Audience: IT admins, IAM, Security, platform owners ยท Duration: ~30 min ยท Goal: set up Enterprise correctly and prepare a safe go-live.
Core message: Claude Enterprise begins with identity, roles, domain, provisioning, and control โ not with features. Test before you enforce. Secure before you scale.
The setup order (this order is security-critical)โ
1 Check admin roles & prerequisites
2 Verify the domain
3 Set up SSO
4 Test SSO (do not enforce yet)
5 Choose JIT or SCIM
6 Map groups and roles
7 Add audit, compliance, and network controls
If SSO or SCIM are activated too early, you get lockouts or faulty provisioning. Domain verification comes before SSO; SSO before JIT/SCIM.
Key steps and the reasoningโ
- Prerequisites: an Owner/Primary Owner, DNS access, IdP access, a check of existing Claude orgs, and a second admin as backup (avoid a single point of failure).
- Domain verification: add the domain, set the TXT record, wait for Verified, then enable "Restrict organization creation" so employees cannot spin up shadow orgs on the company domain.
- SSO: start "Setup SSO" in Claude, pick the IdP, complete the IdP flow, run a test login โ and do not enforce immediately.
- Provisioning: Invite only (manual) โ JIT (created on first login, good for pilots) โ SCIM (full provisioning/deprovisioning via IdP, the clean target state for Enterprise). Save SCIM only after all assignments are correct.
- Groups & roles: map IdP groups to Claude roles, custom roles, and seat tiers; secure owner/admin groups; verify with a test user per group.
- Audit, Compliance, Analytics: Audit Logs (Enterprise-only, ~180-day export, events/actor/IP/device โ chat content not fully included); Compliance API for deeper governance/audit data; Analytics API for adoption and rollout steering.
- Network controls: IP Allowlisting (approved CIDR ranges) and Tenant Restrictions (block non-approved org accounts) โ test before enforcing, both can lock users out.
Verification commands (use neutral example values, never real keys or domains)โ
Check the DNS TXT record:
# Linux / macOS
dig TXT _acme-challenge.example.com +short
# Windows PowerShell
nslookup -type=TXT _acme-challenge.example.com
Basic reachability check:
curl -I https://claude.ai
curl -I https://api.anthropic.com
Tenant-restriction test (the proxy injects the allowed-org header):
curl https://api.anthropic.com/v1/messages \
-H "x-api-key: $CLAUDE_API_KEY" \
-H "anthropic-version: 2023-06-01" \
-H "content-type: application/json" \
-d '{"model":"claude-sonnet-4-6","max_tokens":128,"messages":[{"role":"user","content":"Tenant restriction test"}]}'
Relevant proxy header: anthropic-allowed-org-ids: 550e8400-e29b-41d4-a716-446655440000
The five most common admin errorsโ
[ ] Enforcing SSO too early
[ ] Saving SCIM before all assignments are correct
[ ] No second admin secured
[ ] "Restrict organization creation" forgotten
[ ] Network controls enabled in production without a test
Admin go-live checklistโ
[ ] Primary Owner present
[ ] Second Owner/Admin secured as backup
[ ] DNS access available
[ ] Identity Provider access available
[ ] Domain status = Verified
[ ] Restrict organization creation enabled
[ ] SSO set up, admin test login successful
[ ] Standard-user test login successful
[ ] SSO not enforced too early
[ ] Provisioning model chosen (Invite / JIT / SCIM)
[ ] SCIM saved only after all assignments correct
[ ] Group and role mapping verified
[ ] Audit Logs checked, export process documented
[ ] Compliance API enabled only on need
[ ] Analytics API enabled on reporting need
[ ] Network controls tested before enforcing
[ ] Internal operations documentation filed
[ ] Technical / IAM-Security / Data-Protection approvals obtained
Closing message: First identity, then access, then provisioning, then enforcement. Start small, test cleanly, scale afterwards.
Trainer guidanceโ
Before each training: check the audience, prepare 1โ2 internal examples, know the contact for questions, and show no real secrets, keys, or customer data.
During: explain value and risk together, never show a feature without its governance context, involve the audience with a control question per block.
After: send the one-page handout, name the contact point, and collect pilot use cases or open risks.
For trainings 3 and 4 specifically: move slower through the risks with IT/Security groups; for the admin training, emphasize the setup order and that much of it happens in the Claude admin UI, the IdP, DNS, and proxy/network config โ not via API or CLI.
Suggested rollout scheduleโ
Sequence the trainings with the phased rollout from the Adoption & Governance Guide:
| When | Training | Pairs with rollout phase |
|---|---|---|
| Before go-live | Schulung 4 (admins) | Phase 1 โ Governance & base |
| At department pilot kickoff | Schulung 1 (all staff) + Schulung 2 (leads) | Phase 2 โ Department pilots |
| Before the Code/Cowork pilots | Schulung 3 (IT/power users) | Phases 3โ4 โ Code & Cowork pilots |
| Ongoing | Refreshers + new-hire Schulung 1 | Phase 5 โ Scale |
Further readingโ
- Onboarding โ First Steps โ the participant-facing companion to Schulung 1
- Adoption & Governance Guide โ the reference the trainings are built on
- Surfaces & Features Guide ยท Artifacts Guide
All AI-generated content is a draft and requires human review before external use.