The short version
Every major AI platform decides what you can access from your login. None of them decide what the assistant should know about you from your team or role. That second layer, company guardrails plus a team playbook loaded from directory groups, is something you have to assemble yourself in 2026.
- Copilot, ChatGPT, Claude, and Gemini all trim data access to the signed-in person
- Anthropic's own docs: per-group configuration is "not yet supported"
- A two-layer instruction stack plus a whoami protocol works on every surface right now
Type whoami into any terminal and you get an answer. One word, instant, correct. The operating system knew who was at the keyboard before it drew a single window, and it never asks twice.
Your AI tools have no equivalent.
Half of one, sort of. Sign in to Microsoft 365 Copilot and it knows precisely which files you may open. ChatGPT Enterprise will only search what your account could already read. Claude’s enterprise search behaves the same way. Identity already controls what enterprise AI can see, on every major platform, and it works well.
What identity does not control, anywhere, is what the assistant gets told about you: your role, your team’s vocabulary and systems, the escalation paths, the rules your department lives by. A finance analyst and a sales rep sign in to the same assistant and get the same blank brain, plus one org-wide instruction field that reads identically for both of them. No proper team playbook in sight.
Security vendors use “AI identity” to mean the opposite direction, giving the agent its own credentials. Fine and needed, but not this. The question here is whether the assistant knows who you are, and whether anything useful loads because of it. Right now the answer is no, and the workarounds are worth knowing well.
What does your AI know about you?
Each platform resolves your identity at sign-in. What happens next differs a lot. The table below is the per-vendor state of it as of June 2026.
| Platform | How it knows you | What loads from identity | What stays manual |
|---|---|---|---|
| Microsoft 365 Copilot | Entra ID plus Microsoft Graph | Permission-trimmed grounding over mail, files, chats | Picking the right agent |
| ChatGPT Enterprise | SSO plus SCIM-synced groups | Role permissions, connector access by group | Opening the right Project |
| Claude Team / Enterprise | SSO, SCIM groups on Enterprise | Feature access by role, one shared instruction field | Opening the right Project or skill |
| Gemini for Workspace | Google account, OU and group | Drive-permission grounding, Gem access by group | Opening the right Gem |
Microsoft has the deepest data story. Copilot grounds every prompt through Microsoft Graph, and the company’s privacy documentation is blunt about the boundary: it only surfaces organizational data to which individual users have at least view permissions. Graph is the same layer that holds your job title, your manager, and your meetings, so Copilot arrives knowing more about your working life than any competitor. Instructions are a different matter. Behavior lives in agents, and an admin chooses which users or groups get an agent preinstalled. The agent still waits to be invoked.
OpenAI wired identity into permissions properly. ChatGPT Enterprise syncs directory groups through SCIM and lets admins hang roles and connector access off those groups. Company knowledge, its enterprise search, respects existing permissions so people only retrieve what they could already view. Instructions live in Projects, and project instructions override your personal custom instructions, but only inside a Project somebody deliberately opened.
Claude binds directory groups to roles and seats through SCIM on its Enterprise plan, the same rail the deployment hook in my org-wide CLAUDE.md post reads for team routing. The chat surfaces get one admin-set field, Organization Instructions, capped at 3,000 characters and applied to every conversation in the company in about an hour. Gemini scopes Gem sharing by organizational unit and group, with changes propagating inside 24 hours, and its enterprise tier keeps a personalization profile a person fills in by hand, role and industry included.
Strip the branding and one shape emerges. Identity-aware context loading is a two-step resolution with a missing third step. Step one is authentication: single sign-on confirms which human is present, and all four platforms do it. Step two is membership: SCIM or the directory keeps each person’s groups current, so the platform always knows the finance analyst sits in the finance group, and all four platforms consume this for permissions. The third step would be provisioning: use that resolved group to load a layered instruction set, the company-wide parent every employee shares plus the team-specific child that tells the assistant how this group works. No vendor ships step three on a chat surface. Group membership gates which containers a person may open. It never opens one. The most-solved problem in enterprise software, knowing who someone is, stops one step short of the thing that would make every session start smart.
Identity gates access, never instructions
That last claim deserves its proof, because it sounds like an exaggeration. It is not. Anthropic’s server-managed settings are the newest, slickest central-config channel in the industry, pushed from the admin console with hourly refresh, and the docs state the limit in one line: “Per-group configurations are not yet supported.” Settings apply uniformly to every user in the org. Which is a polite way of saying everyone gets the same brain.
I said identity is solved. Let me say that better: identity for access is solved. Identity for behavior has shipped exactly four near-misses, and each one is a container the user must walk into:
- Claude admins can bundle skills into a plugin and assign it to a group, so the finance group sees finance skills. The skill still loads when the task matches, not when the person arrives.
- Microsoft admins can preinstall and pin an agent for chosen groups. The person still has to talk to that agent rather than the default Copilot.
- OpenAI lets a workspace group share a Project carrying team instructions. Someone has to open it, chat by chat.
- Google scopes Gems to OUs and groups. Same deal: the Gem waits to be picked.
Access-gated, never auto-loaded.
And the one field that does load automatically is small and identical for everyone: Claude’s field caps at 3,000 characters, ChatGPT’s custom instructions hold 1,500, and GitHub Copilot’s organization instructions frustrated enterprise teams enough that a request for something bigger than 4,000 characters collected upvotes for months. Copilot for Microsoft 365 does not offer an org instruction field at all; behavior rides per-agent instructions instead.
The single-field design fails in entertaining ways. I have seen an early draft of one of these org fields written in first person, name included, by the person drafting it. Innocent enough. You write a note the way you always write notes. This note went where every session reads. So every session greeted every employee as that same person. Finance got hailed by that name. So did sales, and the newest hire in the building. Nobody had broken anything. The field did its job. The words were just wrong for everyone except their author. I laughed, then winced. Nothing about the field was misbehaving, and that was the unsettling part. One field for everyone means exactly that.
And when companies refuse to accept the uniform brain, they cobble the fix together by hand. Moderna built 750 role-specific GPTs in its first two months with OpenAI, and the count passed 3,000 inside a year. Three thousand hand-built containers, each carrying instructions some team wrote, none of them loaded by identity. That is the labor the missing step three quietly creates.
Treat the org chart as a context router
The fix has two parts: a structure and a loader. The structure is old news to anyone who runs config at scale. One parent file carries what never varies, the company’s guardrails, voice, data rules, non-negotiables. One child file per team carries what does vary: vocabulary, systems, escalation paths, the five tasks that team repeats all week. Two levels, no more, for the reasons I laid out in the CLAUDE.md hierarchy post. The interesting part is the routing key. Folders are the default key today, and folders are the wrong key. The right key is the thing your directory already maintains: group membership.
Route on groups and the joiner-mover-leaver lifecycle your IT team already runs starts working for AI context, free. Running Tallyfy for 10+ years taught me the directory is the only list of people a company keeps current; hang things on it and they stay true. New hire lands in the sales group, their assistant knows the sales playbook on day one, before they do. Someone moves from sales to ops, the directory change moves their AI context with them. No ticket. No migration project. Someone leaves, the access dies with the account. Nobody re-onboards their assistant, ever, because SSO is already the control plane for everything else they touch.
This showed up again and again during consulting calls this spring: companies assume the vendor must ship this before they can have it. On the coding surface you can have it now. A Claude Code SessionStart hook can read the signed-in user’s directory group, look the group up in a flat map, and print that team’s file straight into context, stacked on the always-loaded parent. The full implementation, script and team map included, is in the deployment post, so I will not repeat it here. For a glimpse of where this pattern goes, LaunchDarkly’s labs team published a SessionStart hook driven by feature flags, which means targeting rules deciding what context a session gets. Flags by group, context by flag.
The plumbing exists.
Chat surfaces give you no hook, so there the answer is a protocol, not a pipeline.
Here is the protocol, and it fits in any instruction field on any platform: tell the assistant to identify the person before assuming anything. Three rules. First, greet and confirm: if context suggests who is typing, open with it, “You’re Priya, you run AP, right?”, and if nothing suggests it, ask. Second, authority does not transfer: one person’s system access and sign-off rights never carry to whoever happens to be at the keyboard, so the assistant asks what the current person may do instead of inheriting the folder owner’s powers. Third, names mean people: “approved by” or “from” a named person means that person, confirmed, in this session, never a label pasted on a draft. A few lines of plain text. They run on Copilot, ChatGPT, Claude, and Gemini today, because they are instructions, not features.
At a company I advise, we shipped the parent layer twice from one source: a tier under 3,000 characters pasted into the chat-side admin field, and a fuller file for Claude Code, with depth pushed out into on-demand skills so a session that never touches a team’s work never pays tokens for that team’s rules. The first section of both tiers is the identity rule above. Not the data policy. Not the tone guide. Who are you talking to. Everything else hangs off that answer. Shared logins are the sharpest version of the problem: on a kiosk or a hot-desk terminal, the signed-in account tells you almost nothing about the person typing, and an assistant that assumes otherwise will happily sign one person’s name to another person’s work.
The protocol is spreading on its own, which I find reassuring. University IT departments now publish guidance telling staff to hand Copilot and ChatGPT a written description of their role, Iowa’s version landed in January, Kansas State’s the October before. An About Me page is the whoami protocol done by hand, one person at a time. It works. It just does not scale past the people diligent enough to write one, which is roughly the same population that fills in timesheets unprompted. Getting the org-level version of this stood up is a fair chunk of my consulting work these days, so if you are mid-rollout and want the shortcut, you know where I am.
Where this is heading
Will the vendors ship native per-group instructions? Almost certainly. The scaffolding is visibly converging: group-assigned plugins at Anthropic, group-pinned agents at Microsoft, group-shared Projects at OpenAI, group-scoped Gems at Google. The more I look at that lineup, the more “not yet supported” reads like a roadmap placeholder, not a refusal. Does that mean wait? No. The parent and child files you write now are the exact artifacts those features will consume when they land. Nothing about the writing is throwaway.
Mind you, the identity rails are being poured for the other direction first. Microsoft gave agents first-class identities in Entra, agent user accounts included, for acting on a specific person’s behalf. Okta built Cross App Access on an OAuth extension the IETF adopted as a draft standard in May 2026, with Okta’s Aaron Parecki among the authors. MCP, the protocol Claude and others use for tools, requires OAuth 2.1 and frames every client as acting on behalf of a resource owner. Translation: the industry is teaching agents to prove who they are to systems. Teaching assistants to know who their human is comes next, and my guess is the directory group will be the join key both directions share.
The timing matters more for mid-size companies than anyone admits. The Census Bureau’s business survey put AI use at 19.8% of US firms in May 2026, and the Federal Reserve’s read of the same wave found 32% adoption weighted by employment against 18% by firm count, meaning big companies moved first and everyone else is configuring this stuff right now. Configuring it without the identity layer means a thousand people re-explaining their jobs to a blank assistant every morning.
So, three moves, in order. Write the parent once, under 3,000 characters, and paste it into whatever org-wide field each of your platforms offers. Draft one team child for your highest-volume team and ship it as whatever container that platform supports, a Project, a Gem, an agent, a folder file. Put the whoami protocol at the top of both. The vendors will eventually wire step three for you. Until then, the companies whose assistants greet people by name and role, in the right team’s voice, did not get a feature early.
They wrote three files.
