Team billing — Team/Enterprise plans with centralized audit

Scorecard question: How do you bill AI coding subscriptions for the team? Max‑score answer (3 pts): Team / Enterprise plans (Anthropic Teams, Cursor Teams, OpenAI Business) with centralized audit.

In 2024 it was acceptable for a five‑person team to expense personal Claude Pro and ChatGPT Plus seats. By 2026, that posture is a governance failure. AI coding subscriptions stopped being “a fancy autocomplete bill” and became one of the top three line items in most engineering budgets — alongside cloud compute and observability. They also became a security surface: every personal account holds source‑code‑adjacent prompts, screenshots, and pasted secrets outside your SSO, audit log, and offboarding checklist.

Personal reimbursement obscures spend, blocks audit, and pushes secrets onto personal accounts. The three big AI coding vendors all responded by shipping real Team and Enterprise tiers with admin consoles, SSO, SCIM provisioning, audit log exports, and centralized billing. By mid‑2026 those plans are table stakes for any engineering org above five developers — and most security and finance teams will flag personal‑card reimbursement as an audit finding the next time SOC 2 or ISO 27001 comes around.

If you scored 0 or 1 point, you almost certainly cannot answer three operational questions today: (1) how much did engineering spend on AI coding last month, by tool? (2) when Engineer X leaves, what AI accounts get revoked? (3) which model versions and retention settings does your team run on? Three points means those questions have one‑click answers in an admin console.

  • Single billing entity per vendor. One Anthropic Team / Enterprise org. One Cursor Teams workspace. One ChatGPT Business / Enterprise workspace. No personal Pro subscriptions on the company card; no shared logins; no “John keeps the seat under his Gmail”.
  • SSO + SCIM enforced. Engineers log into AI tools the same way they log into GitHub, Linear, and Slack — through Okta, Entra ID, or Google Workspace. New hires get provisioned by the same IT script that hands them email; leavers get deprovisioned by the same offboarding ticket.
  • Admin audit log exported. Each vendor’s admin console exports prompt counts, login events, model usage, and (where supported) full prompt/response audit trails into your SIEM or a long‑lived storage bucket. Retention matches your security policy (typically 90–365 days).
  • Centralized invoice + per‑tool budgets. Finance receives one invoice per vendor per month, charged to a single AI tooling cost center. Each tool has a stated annual budget; admin gets alerts before seats overflow it. (This is the entry point to Q4 · Cost visibility’s full FinOps loop.)
  • Documented data posture. You can name, in one sentence per vendor, whether prompts are used for training (no, by contract), what regions data is processed in, what retention applies, and which DPA you signed. (See Q21 · Compliance policy for the deep dive.)
  • Zero personal accounts active for work. When a developer says “I’ll just keep using my personal Cursor”, the answer is “no — the work account has all the same models, plus your access to the company codebase prompt library, your shared rules, and the privacy mode the security team requires”.

Concretely: on Monday a new hire authenticates into Claude, Cursor, and ChatGPT via SSO before lunch, zero credit card details exchanged; on Friday a leaver loses all three accesses the instant their GitHub access dies.

Current landscape (web‑search‑verified)

Anthropic Teams ($30/seat/mo) and Claude Enterprise

Anthropic operates two tiers above individual plans: Claude Team and Claude Enterprise.

  • Claude Team — $30/user/month, billed annually, with a five‑seat minimum. Includes Claude (chat) and Claude Code with the same model access as Claude Pro. Adds a central admin console with seat management, usage breakdowns per user and per model, centralized billing, and the contractual guarantee that prompts and outputs are not used to train models. SSO is available; SCIM is on the higher tier.
  • Claude Enterprise — seat fee starts at roughly $20/seat/month plus usage billed at API rates, but list pricing is increasingly bespoke. Adds SSO and SCIM via Okta / Entra ID / Google Workspace, audit logs, custom data‑retention controls (down to zero‑retention for regulated workloads), Claude Code included, Cowork (collaborative workspaces), and a real DPA. The right plan if you have a security team, a SOC 2 / ISO 27001 commitment, or more than ~25 seats.

The pattern: Team gets you centralized billing and admin; Enterprise gets you the SSO/SCIM/audit/retention controls that compliance actually requires.

Cursor Teams / Business ($40/seat/mo) and Cursor Enterprise

Cursor’s team tier sits at the higher end of the market because the IDE is doing the heavy lifting.

  • Cursor Business — $40/user/month, includes Pro‑equivalent AI access plus admin controls, centralized team billing, shared team rules, an admin dashboard, privacy mode enforced at the org level, SSO/SAML integration, and priority support. The minimum useful plan for any team where engineers commit code to a shared repo.
  • Cursor Enterprise — on‑premise / VPC deployment, full audit logging into your SIEM, custom model routing (e.g. route Opus to your Bedrock account, route Sonnet to Anthropic direct), SCIM provisioning, a dedicated account manager, and SLA guarantees. Required for regulated industries and most >100‑seat deployments.

The admin API for usage and billing data is the killer feature here: you can pull per‑developer credit burn into your own dashboard and reconcile it with PR throughput. That’s how you get from Q3 (centralized billing) to Q4 (full FinOps).

OpenAI ChatGPT Business / Enterprise ($25–60/seat/mo)

OpenAI’s team offering covers both chat and Codex CLI access for engineering org workloads.

  • ChatGPT Business — $25–30/user/month, billed annually, with admin controls, the contractual guarantee that your prompts are not used to train models, SSO support, and higher usage limits than ChatGPT Plus. Codex CLI is included with mid‑tier limits per seat. Suitable for engineering teams who use ChatGPT for design discussion, planning, and Codex for in‑terminal coding.
  • ChatGPT Enterprise — ~$60+/user/month (negotiated), adds SCIM provisioning, full audit log API, customizable data retention (including zero‑retention), domain verification, expanded GPT‑5 / o‑series quotas, and a dedicated workspace admin. The seat that compliance‑heavy orgs actually buy.

In 2026 Codex usage matters as much as chat usage. Confirm with your AE that the Codex limits on Business are sized for your team’s terminal coding load — Pro’s Codex Cloud parallel runs are individual‑only.

The trigger to consolidate is not a magical seat number; it is a combination of signals. Move to Team/Enterprise plans when any two of these are true:

  • You have more than 5 engineers actively using AI coding tools daily.
  • You handle customer PII, payment data, or regulated workloads in the codebases your engineers prompt against.
  • You have a SOC 2 / ISO 27001 / HIPAA / GDPR commitment that names “AI tools” as in‑scope (most do in 2026).
  • Your AI tooling spend exceeds $1,500/month across the company on personal cards.
  • You’ve had at least one offboarding where you couldn’t fully prove the leaver’s AI accounts were revoked.
  • You can’t answer “how much did we spend on Claude last month” without a Slack thread.

Staying on individual plans past that threshold is not “leaner” — it is debt that compounds at SOC 2 renewal time.

Step‑by‑step: migrating from personal reimbursement to team plans

  1. Inventory current spend and accounts. Pull six months of expense reports filtered to AI tooling vendors. For each engineer, list which tools they expense, the email on the account (often a personal Gmail), and the monthly amount. Add to that a Slack survey: “which AI coding tools do you use for work, even if you don’t expense them?” Expect to find 30–50% more accounts than expense reports show — free tiers and personal trials count.

  2. Pick your “primary three” vendors. You almost certainly don’t need Team plans for ten tools. Pick three: a chat/LLM provider (Anthropic or OpenAI or both), a coding IDE (Cursor or GitHub Copilot Business), and a terminal/agent runtime (Claude Code on the Anthropic seat, Codex on the OpenAI seat). Document the choice — this is your Q2 · Tooling policy artifact.

  3. Stand up SSO before you buy the seats. Configure SAML / OIDC for each vendor against your IdP (Okta, Entra ID, Google Workspace) using a test domain or sandbox tenant. Confirm SCIM provisioning flows match your existing pattern (add to Engineering group → seat appears; remove from group → seat revoked). Doing this before purchase means engineers’ first login is via SSO, not via personal email.

  4. Negotiate the contract, don’t take list pricing. Above ~15 seats, every vendor will negotiate. Push on (a) reduced per‑seat price for annual prepay, (b) inclusion of SCIM/audit features that sit on the higher tier, (c) explicit zero‑training and retention clauses in the DPA, (d) a shared data‑processing region (EU‑only if you have GDPR scope), (e) usage commit credits if you also consume the API. Get the DPA signed before anyone logs in.

  5. Run a two‑week parallel period. Provision team seats and invite all current users. For two weeks, both personal and team accounts work. Communicate clearly: at end of week two, personal account access for work is prohibited and reimbursement stops. This avoids the “I lost my chat history” mutiny and gives engineers time to export anything they want to keep.

  6. Force cutover and revoke personal access. At day 14, finance turns off reimbursement codes for the affected vendors. Engineering managers verify each direct report has logged in to the team workspace at least once. Add the team account login to the new‑hire checklist and the leaver checklist (the latter is critical — see Q3 of the leaver runbook below).

  7. Wire admin audit logs into your SIEM (or a long‑lived bucket). Each vendor exposes audit data via API or scheduled export. Pipe it to the same destination as your GitHub and Okta logs. Even if you never read it day‑to‑day, it has to exist at audit time. Stand up a dashboard with monthly active users, prompt volume per tool, and seat utilization — this seeds Q4 · Cost visibility.

  8. Update the offboarding runbook. Add: “Revoke vendor X workspace access” for each of your team‑plan vendors, both in IT’s automated SCIM deprovisioning and as a manual checkbox for any tools not on SCIM yet. Run a tabletop drill on the next leaver to confirm the deprovisioning actually fires.

  9. Re‑negotiate every 6–12 months. Vendor pricing structures shift twice a year in this market. Calendar a contract review halfway through each term to renegotiate based on actual usage. If a vendor has under‑delivered on Codex quotas or Cursor credits, that’s leverage at renewal.

  • Paying twice during cutover. The most common money leak is personal subscriptions running for months after team seats go live, because engineers forget to cancel. Fix it: when team seats activate, IT pulls the list of expensed AI subscriptions from the last 90 days and asks each engineer to confirm cancellation, with a deadline.
  • Buying Team without SSO. Cheaper Team tiers don’t include SSO; engineers self‑register with a corporate email but no IdP enforcement. This satisfies finance and fails compliance. If SSO isn’t in the tier you’re buying, you haven’t moved past personal accounts — you’ve just moved the payment instrument.
  • Lost audit on prior personal accounts. Personal Claude Pro / ChatGPT Plus accounts that pre‑dated team plans still hold months of prompts referencing internal code. Mandate: as part of cutover, every engineer signs an attestation that they have either deleted their personal account or exported and revoked any company‑data prompts. Re‑attest yearly.
  • Mixing personal and work logins via Google SSO. Even with SAML, “Sign in with Google” lets engineers flip to a personal Google in another window and create a parallel workspace. Force SAML‑only on the vendor side and disable the public Google OAuth path.
  • Forgetting Codex / Claude Code / Background Agents are bundled. Some teams buy ChatGPT Business and separately reimburse personal Codex CLI on Pro. The Business seat already includes Codex with usable limits. Same trap on Anthropic Team (Claude Code included) and Cursor Teams (Agents included). Audit the entitlement matrix quarterly.
  • Single admin = bus factor of one. The first deploy usually has one IT person holding all admin roles. Always set up at least two admins per vendor, one IT and one engineering, with a documented break‑glass procedure.
  • Not budgeting for the Enterprise jump. Team is $30–40/seat; Enterprise is often $80+/seat plus usage. Once you cross 25+ seats or get a compliance commitment, expect the bill to roughly double.
  • Open each vendor’s admin console. You can see every account, who provisioned it, when they last logged in, and how many prompts/credits they’ve used this month.
  • Pull a SAML / SCIM event log: every new‑hire onboarding in the last quarter shows automatic seat provisioning; every leaver shows automatic deprovisioning within minutes.
  • The finance team can show you a single line item per vendor per month, charged to one “AI tooling” cost center, with year‑to‑date and budget‑vs‑actual.
  • You can produce, on demand, a signed DPA from each major vendor specifying no‑training, data residency, and retention windows.
  • A random engineer cannot pay for and use a competing AI coding tool on the company card without explicit exception approval through Q2 · Tooling policy.
  • An offboarded engineer from the last 90 days has zero active sessions, zero outstanding prompts, and zero recoverable history on any team‑plan vendor.
  • You can answer, in under a minute, “what model versions are our engineers running on, in what region, with what retention”.
  • Your security team’s SOC 2 / ISO 27001 evidence folder contains screenshots of the admin console, the SAML config, the audit log export, and the signed DPAs — not Slack threads.
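
An added example (not from the original page or from any vendor's tooling) of the leaver and personal-account checks in the list above: it reconciles an IdP deactivation list against per-vendor seat exports and reports seats that fail. The CSV column names, the 15-minute lag threshold, the `example.com` domain and every sample row are constructed assumptions; real admin-console exports will use different fields.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample exports; column names are assumptions, not a vendor schema.
IDP_LEAVERS = """email,deactivated_at
ana@example.com,2026-03-02T17:00:00
raj@example.com,2026-03-09T12:30:00
"""
VENDOR_SEATS = """vendor,email,auth_method,status,deprovisioned_at,last_login
claude,ana@example.com,saml,removed,2026-03-02T17:04:00,2026-03-02T09:10:00
cursor,ana@example.com,saml,active,,2026-03-05T08:00:00
chatgpt,raj@example.com,saml,removed,2026-03-10T09:00:00,2026-03-09T11:00:00
cursor,lee@personal.example,password,active,,2026-03-11T10:00:00
"""
CORP_DOMAIN = "example.com"       # assumed corporate email domain
MAX_LAG = timedelta(minutes=15)   # assumed policy for "within minutes"


def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def audit_seats(leavers_csv, seats_csv):
    """Return sorted (vendor, email, finding) tuples for seats that fail a check."""
    left = {r["email"]: datetime.fromisoformat(r["deactivated_at"]) for r in _rows(leavers_csv)}
    findings = []
    for s in _rows(seats_csv):
        email, vendor = s["email"], s["vendor"]
        active = s["status"] == "active"
        if active and not email.endswith("@" + CORP_DOMAIN):
            findings.append((vendor, email, "non-corporate account"))
        elif active and s["auth_method"] != "saml":
            findings.append((vendor, email, "seat not behind SSO"))
        if email not in left:
            continue
        if active:
            findings.append((vendor, email, "leaver seat still active"))
        elif not s["deprovisioned_at"] or datetime.fromisoformat(s["deprovisioned_at"]) - left[email] > MAX_LAG:
            findings.append((vendor, email, "deprovisioning lag exceeded or unrecorded"))
        if s["last_login"] and datetime.fromisoformat(s["last_login"]) > left[email]:
            findings.append((vendor, email, "login after IdP deactivation"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_seats(IDP_LEAVERS, VENDOR_SEATS):
        print(*finding, sep="\t")
```

Run on a schedule against fresh exports, an empty result is the evidence that offboarding and SSO enforcement held; any row is a ticket for IT.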