Custom integrations using remote MCP are available on Claude.ai and Claude Desktop for users on Claude Max, Team, and Enterprise plans. This feature is currently in beta.
⚠️Security & Privacy with Custom Integrations (beta)
Be aware that custom integrations allow you to connect Claude to services that have not been verified by Anthropic, and allow Claude to access and take action in these services. Consider the following to minimize security and privacy risks when using this feature:
Only add and authenticate custom integrations from trusted organizations, listed directly on their websites
Carefully review Claude’s requests to invoke tools, especially for tools that may send data to or take action in external applications
Only enable the specific tools that are most relevant to your conversation, especially before invoking Research
Report malicious MCP servers to security@anthropic.com
In some circumstances, MCP server developers may change their tool’s behavior without warning the user, potentially leading to unexpected or malicious behavior. We attempt to block suspicious MCP tool calls, but we suggest taking precautions to isolate Claude from sensitive data.
For more guidance, review the Security & Privacy Considerations section below.
What are custom integrations?
Custom integrations let you connect Claude directly to the tools and data sources that matter most to your workflows. This enables Claude to operate within your favorite software and draw insights from the complete context of your external tools.
You can:
Connect Claude to existing remote MCP servers
Build your own remote MCP servers to connect with any tool
What are remote MCP servers?
MCP is an open standard, created by Anthropic, for AI applications to connect to tools and data.
Previously, MCP servers primarily ran locally (i.e. on a user’s laptop). Now, developers can build and host remote MCP servers that communicate with AI apps over the internet. Remote MCP servers give models access to internet-hosted tools and data, transforming Claude into an informed teammate that can independently handle complex, multi-step projects tailored to your needs.
Getting Started with Custom Integrations
Using Existing Integrations
To get started, choose from existing integrations. For example, Zapier MCP lets users connect Claude to thousands of apps using Zapier's pre-built connections.
Building Integrations
To learn about building integrations to use with Claude, we recommend reviewing the following resources:
Model Context Protocol Github - Contains the complete specification, SDKs, code examples, and implementation guides
MCP Documentation - Guides to learn about MCP concepts, roadmap, and how to get started with building
Adding Integrations to Claude
Claude Enterprise & Teams (Owners and Primary Owners)
Note: While anyone can build and host integrations using remote MCP, only Primary Owners or Owners can enable it on Claude for Work plans (Team and Enterprise). Once an integration has been configured on a Team or Enterprise account, users individually authenticate into the integration. This ensures that Claude can only access tools and data that the individual user has access to.
Navigate to Settings > Integrations (for Teams) or Settings > Data management (for Enterprise)
Locate the “Integrations” section
Click “Add more”
Add your integration’s remote MCP server URL
Finish configuring your integration by clicking “Add”
Claude Max
Navigate to Settings > Profile
Locate the “Integrations” section
Click “Add more”
Add your integration’s remote MCP server URL
Finish configuring your integration by clicking “Add”
Removing or Editing Integrations
You can remove or edit the configuration of your integration:
Visit the Settings page for your integrations
Locate the “Integrations” section
Click “Remove” or select the three dots next to the integration you’d like to edit
Follow the prompts to edit or remove
Enabling Integrations
You can enable Integrations via the Search and tools menu in the chat interface. For integrations that require authentication, click “Connect” to go through the authentication flow and grant permission for Claude to access the service. After connecting, use the same menu to enable or disable specific tools made available by the server.
Security & Privacy Considerations
Custom integrations allow you to connect Claude to arbitrary services that have not been verified by Anthropic. When you connect Claude to external services, you're granting it the ability to access and potentially modify data within those services based on your permissions. It’s important to make sure you’re only connecting to remote MCP servers that you trust and that you’re aware of Claude’s interactions with connected integrations.
Security and Permissions
When you add a custom integration to Claude, you'll typically go through an OAuth authentication process to securely sign in to the application and grant specific permissions. This allows Claude to interact with the application on your behalf, without Claude ever seeing your actual password. You can revoke these permissions at any time by disconnecting the integration in Claude's settings or the third-party service's security settings.
Remote MCP servers act as intermediaries between Claude and external applications. You should:
Only connect to trusted servers: Only connect Claude to servers built and hosted by organizations and applications you trust.
Review requested permissions carefully: During auth, review what permissions the MCP server is requesting to the application. Limit these scopes when possible and deny access if requested permissions seem unnecessary.
Be aware of prompt injections: Malicious MCP servers may include hidden instructions that try to make Claude perform unintended actions. Claude has built-in protections that attempt to block these attacks, but it's important to pay attention to tool inputs & outputs and connect only to trusted servers.
Monitor changes in tool behavior: Server developers may update tool behavior unexpectedly, leading to unintended or malicious behavior.
Reporting Malicious MCP Servers
If you become aware of a malicious MCP server, please report it to us at security@anthropic.com.
Taking actions with tools
Remote MCP servers give Claude tools it can invoke during your conversation. The developer of an MCP server can define what these tools do, including:
Reading data from connected applications
Creating, modifying, or deleting data in connected applications
Taking actions on behalf of the user
Claude can only access resources that you’ve given the server permission to access, but you should:
Be aware of any actions Claude is taking and that they have no destructive or unintended effects
Review Claude’s tool approval requests carefully and only click “Allow always” when using a server and tool that you trust to run unsupervised
Using the “Search and tools” menu, disable any tools that aren’t relevant to the current conversation or that you don’t want Claude to be able to invoke
Using Claude with Research
Note: Advanced Research is not currently able to invoke tools from local MCP servers.
Research allows Claude to deeply investigate queries by searching through hundreds of internal and external sources. During the research process, Claude can invoke tools from your integrations automatically without further approval.
When using Research with custom integrations:
Disable any tools that can take write actions in external applications
Review Claude’s approval request carefully and be aware of which tools you’re granting Claude permission to invoke
Be mindful of the impact of Claude sending a large number of requests to your integrations