SOP-022: Enterprise Features
Document Control
- Version: 1.0
- Last Updated: 2024
- Category: Advanced
Purpose
Deploy and manage Cursor at enterprise scale with security, compliance, and administrative controls.
Scope
This SOP covers:
- Enterprise security and compliance
- Identity and access management
- Administrative controls
- Model and integration management
Prerequisites
- Cursor Enterprise subscription
- Admin access to Cursor dashboard
- IT/Security team coordination
Security & Compliance Resources
| Resource | URL |
|---|---|
| Trust Center | trust.cursor.com |
| Security Page | cursor.com/security |
| Privacy Overview | cursor.com/privacy-overview |
| DPA | cursor.com/terms/dpa |
Certifications: SOC2 Type II, GDPR compliance
Key Features
Identity & Access
| Feature | Description |
|---|---|
| SSO/SAML | Single sign-on with your IdP |
| SCIM | Automated user provisioning |
| MDM Policies | Enforce team IDs and extensions |
| RBAC | Role-based access control |
Privacy & Security
| Feature | Description |
|---|---|
| Privacy Mode | Zero data retention with AI |
| Agent Security | Guardrails for tool execution |
| Hooks | Custom security workflows |
| Repository Blocklist | Restrict repo access |
Administrative Controls
| Feature | Description |
|---|---|
| Dashboard | Team management and monitoring |
| Admin API | Programmatic admin access |
| Analytics | Usage metrics and insights |
| Audit Logs | Track all administrative actions |
| AI Code Tracking | Per-commit AI usage metrics |
Procedure
Step 1: Set Up SSO
- Go to Dashboard > Settings > SSO
- Configure with your IdP (Okta, Azure AD, etc.)
- Map user attributes
- Test authentication flow
Step 2: Configure SCIM
- Enable SCIM provisioning in dashboard
- Configure in your IdP
- Set up automatic user sync
- Test provisioning/deprovisioning
Step 3: Deploy MDM Policies
Configure MDM to enforce:
- Allowed team IDs
- Approved extensions only
- Settings restrictions
Step 4: Enable Privacy Mode
- Go to Dashboard > Settings
- Enable Enforce Privacy Mode
- This applies org-wide
Step 5: Configure Model Controls
Restrict which models users can access:
- Dashboard > Settings > Models
- Select allowed models
- Block unwanted models
Step 6: Set Up Audit Logs
- Enable audit logging in dashboard
- Configure SIEM integration
- Set retention policies
Plan Comparison
| Capability | Teams | Enterprise |
|---|---|---|
| Centralized Billing | Yes | Yes |
| SSO/SAML | Yes | Yes |
| SCIM | No | Yes |
| Audit Logs | No | Yes |
| Privacy Mode Enforcement | Optional | Org-wide |
| Model Restrictions | No | Yes |
| Repository Blocklist | No | Yes |
| AI Code Tracking API | No | Yes |
| Priority Support | No | Yes |
| MSA & DPA | No | Yes |
Admin API
Access admin features programmatically:
bash
# Create API key at Dashboard > Settings > Advanced
# Example: Get team analytics
curl -X GET https://api.cursor.com/admin/analytics \
-H "Authorization: Bearer $ADMIN_API_KEY"Spend Controls
Configure usage limits:
| Level | Enterprise |
|---|---|
| Pool | Team-wide pooled usage |
| Per-user | Admin-only controls |
| Alerts | Threshold notifications |
Verification Checklist
- [ ] SSO configured and tested
- [ ] SCIM provisioning working
- [ ] MDM policies deployed
- [ ] Privacy Mode enforced
- [ ] Model controls configured
- [ ] Audit logs streaming
- [ ] Spend limits set
Getting Help
| Channel | For |
|---|---|
| Account Team | Enterprise support |
| hi@cursor.com | General inquiries |
| Security Disclosure | Vulnerabilities |