SOP-015: Team & Enterprise
Document Control
| Field | Value |
|---|---|
| SOP ID | SOP-015 |
| Version | 1.0 |
| Status | Active |
| Last Updated | 2024-12 |
Purpose
This SOP covers team and enterprise features in Cursor, including team setup, SSO, SCIM, Team Rules, and administrative controls.
Scope
- Team creation and management
- SSO configuration
- SCIM provisioning
- Team Rules
- Enterprise admin controls
- Analytics and APIs
Prerequisites
- Cursor Team or Enterprise subscription
- Admin access to organization
Procedure
Team vs Enterprise
| Feature | Team | Enterprise |
|---|---|---|
| Team Rules | ✅ | ✅ |
| Shared documentation | ✅ | ✅ |
| Usage analytics | ✅ | ✅ |
| Admin dashboard | ✅ | ✅ |
| Billing groups | ✅ | ✅ |
| SSO (SAML 2.0) | ❌ | ✅ |
| SCIM provisioning | ❌ | ✅ |
| Audit logs | ❌ | ✅ |
| Data residency | ❌ | ✅ |
| MDM policies | ❌ | ✅ |
| Admin API | ❌ | ✅ |
| Priority support | ❌ | ✅ |
Step 1: Create a Team
- Go to cursor.com/dashboard
- Click "Create Team"
- Enter team name and details
- Choose billing plan
Step 2: Add Team Members
Invite by Email:
- Dashboard → Team → Members
- Click "Invite Members"
- Enter email addresses
- Assign roles (Admin, Member)
Roles:
| Role | Capabilities |
|---|---|
| Owner | Full control, billing, delete team |
| Admin | Manage members, rules, settings |
| Member | Use Cursor with team features |
Step 3: Configure SSO (Enterprise)
Supported Providers:
- Okta
- Azure AD
- Google Workspace
- Any SAML 2.0 provider
Setup:
- Dashboard → Settings → SSO
- Choose provider or Custom SAML
- Configure with your IdP:
- ACS URL (from Cursor)
- Entity ID (from Cursor)
- IdP metadata (from your provider)
- Test connection
- Enable for team
SSO Flow: Cursor Login → IdP (Okta/Azure/Google) → Cursor Session
| Step | Action |
|---|---|
| 1 | User opens Cursor and clicks "Sign in with SSO" |
| 2 | Redirects to Identity Provider (IdP) |
| 3 | User authenticates with IdP credentials |
| 4 | IdP returns SAML assertion to Cursor |
| 5 | Cursor creates authenticated session |
Step 4: Configure SCIM (Enterprise)
Automate user provisioning:
- Dashboard → Settings → SCIM
- Generate SCIM token
- Configure in your IdP:
- SCIM endpoint URL
- Bearer token
SCIM Capabilities:
- Automatic user creation
- User deactivation on IdP removal
- Group sync
- Attribute mapping
Step 5: Set Up Team Rules
From Dashboard:
- Dashboard → Team Content → Rules
- Click "Add Rule"
- Write rule content
- Configure enforcement:
- Enable immediately: Active upon creation
- Enforce this rule: Users cannot disable
Example Team Rule:
markdown
# Team Coding Standards
## Required Practices
- All code must have TypeScript types
- Use our internal logging library for all logs
- Follow the repository pattern for data access
- Never commit secrets or API keys
## Preferred Patterns
- Use functional components in React
- Prefer async/await over .then() chains
- Add JSDoc comments for public APIsStep 6: Manage Auto-Run Settings (Enterprise)
Override user settings for security:
- Dashboard → Settings → Auto-Run
- Configure controls:
| Setting | Options |
|---|---|
| Auto-Run Controls | Enable/disable user controls |
| Sandboxing Mode | Force sandbox for all |
| Sandbox Networking | Allow/deny network in sandbox |
| Terminal Allowlist | Organization-wide command list |
| Enable Run Everything | Allow/deny full trust mode |
Analytics
Dashboard Analytics
View team usage at Dashboard → Analytics:
- Active users
- AI requests
- Model usage
- Feature adoption
Analytics API
Programmatically access analytics:
bash
curl -X GET "https://api.cursor.com/v1/team/analytics" \
-H "Authorization: Bearer $CURSOR_API_KEY"Available Metrics:
- Daily/weekly/monthly active users
- Requests by feature (Tab, Chat, Inline Edit)
- Model usage breakdown
- Per-user statistics
AI Code Tracking API
Track AI-generated code contributions:
bash
curl -X GET "https://api.cursor.com/v1/team/ai-code-tracking" \
-H "Authorization: Bearer $CURSOR_API_KEY"Admin API
Manage team programmatically:
List Members:
bash
curl -X GET "https://api.cursor.com/v1/team/members" \
-H "Authorization: Bearer $CURSOR_API_KEY"Add Member:
bash
curl -X POST "https://api.cursor.com/v1/team/members" \
-H "Authorization: Bearer $CURSOR_API_KEY" \
-d '{"email": "user@company.com", "role": "member"}'Remove Member:
bash
curl -X DELETE "https://api.cursor.com/v1/team/members/{userId}" \
-H "Authorization: Bearer $CURSOR_API_KEY"Billing Groups
Organize spend tracking:
- Dashboard → Billing → Billing Groups
- Create groups (by department, project, etc.)
- Assign members to groups
- View spend per group
Audit Logs (Enterprise)
Track administrative actions:
- Dashboard → Settings → Audit Logs
- View history of:
- Member additions/removals
- Role changes
- SSO configuration
- Rule modifications
- Setting changes
Data Residency
Choose where data is processed:
- Dashboard → Settings → Regions
- Select preferred region
- Data stays within selected region
Verification Checklist
- [ ] Team created and accessible
- [ ] Members invited and joined
- [ ] Roles assigned correctly
- [ ] SSO configured (Enterprise)
- [ ] SCIM provisioning works (Enterprise)
- [ ] Team Rules visible to members
- [ ] Analytics accessible
- [ ] Admin API working
Troubleshooting
| Issue | Solution |
|---|---|
| SSO not redirecting | Check IdP configuration |
| SCIM sync failing | Verify token and endpoint |
| Team Rules not applying | Check enforcement settings |
| User not seeing team | Verify invitation accepted |
| Analytics empty | Wait for data collection |