Skip to main content

0. Salesforce MCP - LS YT Vid

Note: The video covers material not in the guide below — please watch in full.

Action Step

Complete this before moving on.

Grab the Salesforce MCP plugin (linked in the video description) and, if you want, have Claude run the security checks on it yourself. If you're an operator with Salesforce CLI access, set up read-only MCP for your org end to end: have Claude build the ECA via the plugin, activate the Object Reads server in Salesforce, then wire the custom connector in Claude — MCP server URL plus the consumer key as the OAuth client ID, client secret left blank. Watch the three gotchas: Enterprise edition + system admin access, the JWT config setting, and appending a URL parameter if you'll have multiple Salesforce orgs authed into one Claude account.

Comment in Slack

Post your answer in your onboarding channel.

What was your biggest takeaway(s) from this training?

Training Guide

Every B2B team is sitting on a CRM full of answers nobody has time to dig out — open the browser, log in, search records, and even once you find the right one, you still have to figure out what it means. AI can finally read all of that for the team. But hand them the wrong setup and you've either built a security nightmare or a tool nobody touches. This overview video shows how we give a whole go-to-market team safe, read-only access so Claude can read Salesforce as the single source of truth.

It starts with choosing the right door.

Pick the Right Door

There are two ways to connect Salesforce to AI programmatically — and you have to pick the right door for the right person.

The CLI (command line interface) is the builder's door: you access Salesforce through a coding terminal with God-mode privileges — read and edit almost anything — but you need developer software installed on the machine. The hosted MCP (Model Context Protocol) is the other door: Salesforce hosts it, you add it as a connector inside Claude, and every user just auths in — no terminal, no code, no software.

So operators use the CLI (they have the acumen to install the tooling), and the rest of the go-to-market org — sales, marketing, often leadership — connects through the MCP. Click once, activate, done.

The MCP door isn't just easier — it's safer.

Security Is the Real Unlock

When someone connects via the MCP, they auth with their own Salesforce login. So they're scoped to exactly the permissions you already gave them — no new data-governance model to invent. You also get real audit trails showing the actual user, instead of an integration or API user. That's exactly why InfoSec teams are comfortable with this route, and why it's becoming the standard.

Now the pieces that make it work.

The Three Pieces

There are three pieces. The MCP server is the doorway into the data. The ECA (external client app) dictates who can use that server to get in. And the Claude connector — set up last — is where it all lives inside Cowork (Customize → Connectors → add a custom connector).

One deliberate choice shapes the whole setup.

Why Read-Only for Now

We set up read-only because it's not yet clear how to safely give the team write access. Even with a human in the loop, it's too easy to get lazy, say "yeah, write that to the CRM," and fill it with AI slop — and the CRM has enough of that already.

But read-only is still powerful: it unlocks morning briefs, pipeline hygiene, and instant reports you ask for in plain English. That's plenty for now.

Here's how the build actually goes.

The Build, in Three Parts

We've simplified this to three parts because a Claude plugin (the Salesforce Ultimate plugin) does most of the work — its references folder has everything baked in, including fixes for bugs we hit along the way.

  1. Build the ECA. In Claude Code (which has CLI access), use the plugin to connect to your Salesforce instance via the CLI and deploy the external app for you.
  2. Flip on the server in Salesforce. Go to Setup → MCP → the API Catalog entry → Salesforce Servers, pick Object Reads (not Deletes, API Context, etc.), click Activate, and grab the server URL.
  3. Wire the connector in Claude. Customize → Connectors → add a custom connector. Add a name, the MCP server URL, and the consumer key as the OAuth client ID — leave the client secret blank. Connect, sign in, and you'll see the read-only tools (I click "always allow" since it's not destructive).

If you can't add a custom connector, your Claude admin has the org-level restriction on. In that case the admin adds it once at the org level (Connectors → add → custom → web), and everyone else connects through the resulting "not connected" Salesforce entry.

Three things will bite you if you're not watching.

Three Gotchas

  • You need Enterprise edition or higher and system admin access — hosted MCP doesn't exist below Enterprise.
  • There's a JWT setting in the config file that everyone online reports as a bug — we solved it and baked the fix into the plugin, so check it if you hit issues.
  • If you'll have multiple Salesforce orgs in one Claude account, append a parameter to the end of the URL so they don't collide.

Getting it built is only half of it.

Enablement matters as much as the build. After the admin adds the connector at the org level, you still need a Loom or doc walking reps through connecting — because there's no native Salesforce connector in Claude; the custom connector is the only path.

And since it's read-only, Claude can't edit records — but a well-built skill or plugin can hand the rep a clickable link straight to the opportunity. That beats making someone open a browser, log in, and hunt the record down (nobody does that).

With that in place, here's what opens up.

Use Cases by Team

  • Sales — morning brief, pre-call prep triggered off the CRM, account intel, pipeline hygiene.
  • Marketing — self-serve reporting, channel-to-pipeline, competitor loss debriefs, live segmentation in plain English.
  • Customer Success — health and risk briefs, renewal prep, expansion signals, white-space cross-sell.
  • RevOps — hygiene sweeps, forecast reality checks, duplicate spotters, win-loss patterns.
  • Leadership — "how's the quarter going?" — with one big caveat: an LLM will hallucinate unless your go-to-market metrics are normalized in the CRM. That's a separate infrastructure project (we work with partners like Vasco on it), so keep leadership questions basic until that's in place.

And this isn't a Claude-only bet.

Where It's Headed

Once the Salesforce MCP is set up, it's not Claude-specific — you can use it in ChatGPT, Codex, Gemini, and Microsoft Copilot too. We're setting up read-only today; as the industry figures out safe write-access best practices, we'll roll those out next.

Wrap-Up

Pick the right door (CLI for operators, MCP for the team), lean on the Salesforce Ultimate plugin to build the ECA, activate Object Reads, and wire the read-only connector — secret blank. Mind the three gotchas, invest in enablement, and design skills that hand reps clickable links. Get this set up and you give the whole org the ability to ask the CRM instead of digging through it. The next trainings break down the fundamentals, the full setup, and team enablement.