Skip to content

SOP-015: Team & Enterprise

Document Control

FieldValue
SOP IDSOP-015
Version1.0
StatusActive
Last Updated2024-12

Purpose

This SOP covers team and enterprise features in Cursor, including team setup, SSO, SCIM, Team Rules, and administrative controls.

Scope

  • Team creation and management
  • SSO configuration
  • SCIM provisioning
  • Team Rules
  • Enterprise admin controls
  • Analytics and APIs

Prerequisites

  • Cursor Team or Enterprise subscription
  • Admin access to organization

Procedure

Team vs Enterprise

FeatureTeamEnterprise
Team Rules
Shared documentation
Usage analytics
Admin dashboard
Billing groups
SSO (SAML 2.0)
SCIM provisioning
Audit logs
Data residency
MDM policies
Admin API
Priority support

Step 1: Create a Team

  1. Go to cursor.com/dashboard
  2. Click "Create Team"
  3. Enter team name and details
  4. Choose billing plan

Step 2: Add Team Members

Invite by Email:

  1. Dashboard → Team → Members
  2. Click "Invite Members"
  3. Enter email addresses
  4. Assign roles (Admin, Member)

Roles:

RoleCapabilities
OwnerFull control, billing, delete team
AdminManage members, rules, settings
MemberUse Cursor with team features

Step 3: Configure SSO (Enterprise)

Supported Providers:

  • Okta
  • Azure AD
  • Google Workspace
  • Any SAML 2.0 provider

Setup:

  1. Dashboard → Settings → SSO
  2. Choose provider or Custom SAML
  3. Configure with your IdP:
    • ACS URL (from Cursor)
    • Entity ID (from Cursor)
    • IdP metadata (from your provider)
  4. Test connection
  5. Enable for team

SSO Flow: Cursor Login → IdP (Okta/Azure/Google) → Cursor Session

StepAction
1User opens Cursor and clicks "Sign in with SSO"
2Redirects to Identity Provider (IdP)
3User authenticates with IdP credentials
4IdP returns SAML assertion to Cursor
5Cursor creates authenticated session

Step 4: Configure SCIM (Enterprise)

Automate user provisioning:

  1. Dashboard → Settings → SCIM
  2. Generate SCIM token
  3. Configure in your IdP:
    • SCIM endpoint URL
    • Bearer token

SCIM Capabilities:

  • Automatic user creation
  • User deactivation on IdP removal
  • Group sync
  • Attribute mapping

Step 5: Set Up Team Rules

From Dashboard:

  1. Dashboard → Team Content → Rules
  2. Click "Add Rule"
  3. Write rule content
  4. Configure enforcement:
    • Enable immediately: Active upon creation
    • Enforce this rule: Users cannot disable

Example Team Rule:

markdown
# Team Coding Standards

## Required Practices
- All code must have TypeScript types
- Use our internal logging library for all logs
- Follow the repository pattern for data access
- Never commit secrets or API keys

## Preferred Patterns
- Use functional components in React
- Prefer async/await over .then() chains
- Add JSDoc comments for public APIs

Step 6: Manage Auto-Run Settings (Enterprise)

Override user settings for security:

  1. Dashboard → Settings → Auto-Run
  2. Configure controls:
SettingOptions
Auto-Run ControlsEnable/disable user controls
Sandboxing ModeForce sandbox for all
Sandbox NetworkingAllow/deny network in sandbox
Terminal AllowlistOrganization-wide command list
Enable Run EverythingAllow/deny full trust mode

Analytics

Dashboard Analytics

View team usage at Dashboard → Analytics:

  • Active users
  • AI requests
  • Model usage
  • Feature adoption

Analytics API

Programmatically access analytics:

bash
curl -X GET "https://api.cursor.com/v1/team/analytics" \
  -H "Authorization: Bearer $CURSOR_API_KEY"

Available Metrics:

  • Daily/weekly/monthly active users
  • Requests by feature (Tab, Chat, Inline Edit)
  • Model usage breakdown
  • Per-user statistics

AI Code Tracking API

Track AI-generated code contributions:

bash
curl -X GET "https://api.cursor.com/v1/team/ai-code-tracking" \
  -H "Authorization: Bearer $CURSOR_API_KEY"

Admin API

Manage team programmatically:

List Members:

bash
curl -X GET "https://api.cursor.com/v1/team/members" \
  -H "Authorization: Bearer $CURSOR_API_KEY"

Add Member:

bash
curl -X POST "https://api.cursor.com/v1/team/members" \
  -H "Authorization: Bearer $CURSOR_API_KEY" \
  -d '{"email": "user@company.com", "role": "member"}'

Remove Member:

bash
curl -X DELETE "https://api.cursor.com/v1/team/members/{userId}" \
  -H "Authorization: Bearer $CURSOR_API_KEY"

Billing Groups

Organize spend tracking:

  1. Dashboard → Billing → Billing Groups
  2. Create groups (by department, project, etc.)
  3. Assign members to groups
  4. View spend per group

Audit Logs (Enterprise)

Track administrative actions:

  1. Dashboard → Settings → Audit Logs
  2. View history of:
    • Member additions/removals
    • Role changes
    • SSO configuration
    • Rule modifications
    • Setting changes

Data Residency

Choose where data is processed:

  1. Dashboard → Settings → Regions
  2. Select preferred region
  3. Data stays within selected region

Verification Checklist

  • [ ] Team created and accessible
  • [ ] Members invited and joined
  • [ ] Roles assigned correctly
  • [ ] SSO configured (Enterprise)
  • [ ] SCIM provisioning works (Enterprise)
  • [ ] Team Rules visible to members
  • [ ] Analytics accessible
  • [ ] Admin API working

Troubleshooting

IssueSolution
SSO not redirectingCheck IdP configuration
SCIM sync failingVerify token and endpoint
Team Rules not applyingCheck enforcement settings
User not seeing teamVerify invitation accepted
Analytics emptyWait for data collection

See Also

Built with VitePress | Powered by Claude AI