Day 2 — Agentic AI · Claude Cowork
How Cowork reaches the rest of your business — Drive, SharePoint, AWS, your databases. Three install paths, one auth model, and a live demo your IT team will recognise.
By default, Claude Cowork sees only what's in the conversation and the folder you've connected. A Plugin opens a single, controlled door — Claude can now read your invoices in Drive, post a status to the AP Slack channel, query AWS for live Bedrock pricing, or look up a vendor in your master data system.
Plugin is Cowork's friendlier name for an MCP server — Model Context Protocol. The AI industry's adopted standard for "how does an AI tool talk to a business system." If you've heard the term MCP from your tech team, the Plugin marketplace inside Cowork is the same idea — pre-packaged, pre-vetted, with the technical wiring already done.
This is the most important framing for finance leadership. Plugins are an IT/admin concern. Configuring an MCP server, OAuth scopes, network policy, and credentials is a technical job. Using a Plugin is a finance concern. Once it's installed, you just say "check Drive for new invoices" — the same way you tell a new analyst to "go look in Drive."
Read this month's vendor invoices. Pull the FY26 budget pack. Find the latest credit policy doc.
Post the AP exception list to #ap-review every Monday. Notify the credit committee on a HIGH risk flag.
Query live Bedrock pricing in Singapore. Check S3 for the overnight reconciliation file. Read the latest CloudWatch metric.
Look up a vendor in your ERP. Read live FX rates from Treasury. Check transaction status in PayLater.
When IT installs a Plugin, three new capabilities appear inside your Cowork project. You don't see them as a list — you just notice Claude can now do things it couldn't before.
| Capability | What it means | Finance example |
|---|---|---|
| Tools | Specific actions Claude can take — read a file, send a message, query an API | Drive Plugin adds read_file, list_files, search_drive. Slack Plugin adds post_message. |
| Resources | Live data the Plugin can pull on demand — not pre-loaded into the conversation | The latest vendor master CSV from your ERP. Today's FX rates. The current GST schedule. |
| Prompt templates | Suggested ways to use this Plugin — almost like built-in mini-Skills | "Draft an exception summary from these invoices." The Plugin author has pre-written it for you. |
If you open Cowork → Customize → Plugins & Connectors, you'll see three different routes. They look similar but represent very different trust and ownership models. Knowing which is which matters when you're asking your IT team for access.
| Aspect | 🛒 Marketplace Plugin | 🔧 Custom MCP Server | 🔗 OAuth Connector |
|---|---|---|---|
| Catalog source | Anthropic-curated marketplace | Your internal teams or third-party vendors | Anthropic's hosted Connectors list |
| Where it runs | Plugin server published by author | On your infrastructure (or vendor's) | Anthropic-hosted |
| Set-up effort | One-click install (after admin approval) | IT build + deploy + maintain | OAuth pop-up — under 60 seconds |
| Authentication | Varies — usually OAuth or token | Whatever your IT chose (OAuth, API key, mTLS) | Always OAuth — scoped to your account |
| Best for | Common SaaS tools your team already uses | Internal-only systems (ERP, pricing engine, data warehouse) | Anything on the supported Connectors list |
| Org-managed? | Yes — admin can pre-install with 🔒 | Yes — IT chooses what to publish internally | Often yes — admin can pre-approve |
| Finance example | Slack, Drive, Box, GitHub, Notion | AnyCompany Vendor Master, Treasury FX feed, PayLater status API | Microsoft 365, AWS MCP, AWS Knowledge, Atlassian, Asana |
This is where most people — including senior IT folks — get tripped up the first time. A Plugin appearing in your Cowork settings does not mean Claude can use it yet. There are three independent layers, and all three must be on for the Plugin to actually work in a project.
The good news: once you understand the model, the troubleshooting flowchart is two steps long ("which layer is off?"). The bad news: most participants in your team will skip Layer 2 and conclude "the AI doesn't work."
The Plugin or Connector exists in your Cowork account. It shows up in Customize → Plugins & Connectors. This is the IT/admin step — Marketplace install, custom server registration, or Connector OAuth.
Open the project. Toggle the Plugin on for this specific project. Until you do, Claude cannot see it — even though it's clearly in your account list. This is by design: you don't want every Plugin loaded into every conversation. Most participants in the workshop will see "I installed it but Claude says it doesn't have the tool" — this is the layer to check.
Provide credentials to the upstream system. The form depends on the connector type: an OAuth pop-up (Drive, Slack, AWS MCP), AWS access keys + region (some AWS plugins), an API token (custom internal MCP), or — for fully internal servers — nothing extra because they trust the network. Some OAuth tokens expire and require periodic re-auth.
When something doesn't work, walk down this table. The order matters — Layer 1 → Layer 2 → Layer 3.
| Symptom | Likely layer | Fix |
|---|---|---|
| "I don't see the Plugin anywhere in Cowork." | Layer 1 — Install | Browse Marketplace and install, or ask IT to add it. For OAuth Connectors, click Connect in the Connectors panel. |
| "It's in my account list, but Claude says 'I don't have a tool for that.'" | Layer 2 — Activate | Open the project's Plugins panel and toggle the Plugin on for this project. Refresh the conversation. |
| "Claude tries the tool but gets 'unauthorized' or 'no permission'." | Layer 3 — Authenticate | Re-run the OAuth flow, refresh the AWS credentials, or check that your account has the required upstream scope (e.g. AP shared drive read access). |
| "Some queries work, others get 'access denied' for specific files." | Layer 3 — Scope | OAuth scopes are correctly granted but the upstream system (Drive, SharePoint) restricts the file. This is your IAM problem, not Cowork's. |
| "Worked yesterday, broken today, no settings changed." | Layer 3 — Token expiry | OAuth tokens or AWS session credentials have expired. Re-authenticate. Build a habit: check Layer 3 first thing on Monday morning. |
Your IT team almost certainly knows about Claude Code — Anthropic's CLI tool for developers. It also has Plugins, Skills, and MCP. This causes a real surprise the first time finance leaders compare notes with engineering: "My developer told me to install plugin X, but I can't find it in Cowork."
The two products share the underlying MCP protocol — they speak the same language to upstream systems. But they have separate plugin marketplaces and separate installed lists. Installing a Plugin in one does not install it in the other.
| Where Plugins live | Cowork Marketplace + your account |
| Install path | UI: Customize → Plugins & Connectors → Browse / Add server / Connect |
| OAuth Connectors | Anthropic-hosted (Microsoft 365, AWS, Box, GitHub, Atlassian, Asana…) |
| Custom MCP | "+ Add server" Blank option — paste server URL + auth |
| Where state is stored | Your Anthropic account — follows you across machines |
| Org admin controls | Org-managed plugins appear with 🔒 — pre-installed, not removable |
| Audience | Knowledge workers — finance, ops, comms |
| Where Plugins live | Claude Code's own marketplace + local config |
| Install path | CLI: /plugin install <name> or claude mcp add |
| OAuth Connectors | Subset overlaps with Cowork — auth flows are CLI-driven |
| Custom MCP | Edit ~/.claude/plugins/ + mcp.json by hand |
| Where state is stored | Local machine — ~/.claude/ |
| Org admin controls | Provisioned via dotfiles, repos, or enterprise MDM |
| Audience | Developers — code, infra, automation |
/plugin install aws-mcp in Claude Code, confirmed it worked at the CLI, then was surprised when finance users couldn't see it in Cowork. They are two different installs. To make AWS MCP available to finance users, the same Connector has to be enabled in Cowork — either via OAuth per-user, or as an org-managed pre-install.It's not all bad news. The pieces that do transfer between the two tools are the conceptual ones — the same vocabulary, the same auth model, often the same MCP server endpoints behind the scenes.
| Concept | Same in both? | What that means |
|---|---|---|
| MCP protocol | ✅ Identical | An MCP server your IT team builds works for both Cowork and Claude Code clients. Build once, reach both audiences. |
| 3-layer auth model | ✅ Identical | Install → Activate → Authenticate applies in both. Same diagnostics, same fixes. |
| Tools / Resources / Prompts model | ✅ Identical | Same three capability types appear; same invocation pattern. |
| Skills | ≈ Conceptually same | Same anatomy (name + description + body). Cowork stores per account; Claude Code stores in ~/.claude/skills/. |
| Marketplace catalog | ❌ Separate | Don't expect cross-availability. Verify each plugin in each tool's catalogue. |
| Installed plugins list | ❌ Separate | Installing in Claude Code does not make it available in Cowork (or vice-versa). |
| Org-managed lock 🔒 | ≈ Both support, different mechanism | Cowork: admin pushes via account. Claude Code: pushed via dotfiles / managed config. |
This is the demo that makes Plugins concrete in front of the room. The exact flow we discovered in the pilot session: from "Cowork can only see what you paste" to "Claude is querying live AWS Bedrock pricing for Singapore" — in under three minutes. The whole demo runs in the instructor's Cowork window; the room watches.
From the workshop-leader Cowork window. Show the room three sections: Plugins (Marketplace), Connectors (OAuth-based), and Add custom server. Point to all three so the participants can locate them later.
Scroll to the AWS MCP entry — described as "AWS knowledge, regional availability, AWS CLI commands, and infrastructure scripts." Click Connect. Note out loud: this is Layer 1 — Install.
The pop-up walks you through AWS sign-in (or in our demo, an instructor sandbox account is already pre-authorised). Note: this is Layer 3 — Authenticate happening at install time. AWS MCP doesn't have a separate per-project Layer 2 toggle in the current UI — it's auto-active once connected.
In a fresh conversation, type the diagnostic prompt:
Claude will list the ten AWS MCP tools. Read the names aloud — they're the alphabet of what Claude can now do for you in AWS:
"Ten tools, no code written. Yesterday Claude could only read what I pasted. Today it can run AWS CLI, search AWS docs, check regional availability — and the auth was a single OAuth click."
The marquee question — finance-relevant, Singapore-specific, requires Claude to actually call AWS:
Claude will run call_aws and search_documentation live. Expect it to surface the pricing table from our cheat sheet — but with today's data, not pre-baked content. The pricing should come back at $5 input / $25 output / $0.50 cache read per 1M tokens. Caveat — Singapore is cross-region.
The crucial finance/compliance moment. Highlight Claude's response and read this aloud:
ap-southeast-1. Every call routes via cross-region inference profiles like global.anthropic.claude-opus-4-7. Opus 4.7 is hosted in N. Virginia, Tokyo, Ireland, and Stockholm. Pricing is at the source-region rate, with no surcharge — but for data-residency-sensitive finance workloads, this is the kind of fact that has to come from your tech team's review, not a slide. Now imagine asking the AI this question yourself, instead of waiting two weeks for an architecture review email.Close with one sentence: "This is what your IT team will install for the AP team — but instead of Bedrock pricing, the Plugin will read invoices from your Drive, post exception summaries to Slack, and write to your reconciliation log." That's the bridge to the afternoon hands-on exercise.
If the OAuth flow fails on the day, or AWS MCP is rate-limited, fall back to one of these prompts. They still demonstrate the "Plugin in action" idea, but use a different connector.
Our 28-person AnyCompany Finance cohort is mixed: ~3 leadership, ~12 finance solutions / citizen developers / tech & data, ~3 process owners, and the rest spread across FP&A, Controllership, Audit, Tax, Treasury, and Reporting. A single "everyone installs the connector themselves" segment overwhelms half the room and bores the other half. A single instructor demo leaves the technical participants without hands-on time on the one tool they're most curious about.
The fix: split tracks for this segment, then merge again for the afternoon hands-on. Total time spent is the same as a single track — but every participant lands in the right zone.
This explainer is the bridge between the conceptual morning and the hands-on afternoon.
| When | Module | What it does for this page |
|---|---|---|
| Morning · Module 9 | Automation Stack | Establishes the four layers: Project Instructions + Skills + Scheduled Tasks + Plugins/MCP |
| Morning · Module 10 | Skills Deep-Dive | Goes deep on the Skills layer — anatomy, lifecycle, finance examples |
| Late morning · Module 11 | This page — Plugins, Connectors & MCP | Goes deep on the Plugins layer — three install paths, 3-layer auth, AWS demo |
| Afternoon · Hands-on | Build First Agent | Participants build a working agent — the Skill is theirs to write; the Plugins are mostly already installed by IT |
| Reference | Agentic Cheat Sheet | Per-day reference — verified Bedrock pricing, when-to-use-what, 3-file collaboration pattern |