Salesforce MCP

Pipeline queries and updates via MCP

Overview

Salesforce MCP is the official Model Context Protocol server for the Salesforce platform, built and maintained by Salesforce (via the Salesforce CLI team). It enables AI assistants to interact with Salesforce orgs programmatically — querying records with SOQL, creating and updating CRM data, deploying metadata, managing permissions, and running code analysis through a standardized MCP interface.

Salesforce is the world's largest CRM platform, powering sales, service, marketing, and commerce for over 150,000 organizations globally. The MCP server exposes 60+ tools spanning the full Salesforce developer and admin surface area, from org management and metadata retrieval to record-level CRUD operations and static code analysis. Salesforce Hosted MCP Servers reached General Availability in early 2026, enabling admins to expose specific APIs as fully managed, security-inheriting MCP endpoints without custom code.

For organizations adopting AI-assisted workflows, Salesforce MCP represents one of the highest-stakes connectors available. Customer records, revenue pipelines, contract data, and permission structures all flow through Salesforce. Any AI agent with write access to Salesforce can directly impact business outcomes, making governance over this connector a top priority for enterprise teams.

Key Features

  • **Record Management (CRUD)**: Create, read, update, and delete Salesforce records across all standard and custom objects. AI assistants can manage contacts, accounts, opportunities, cases, and any custom object through natural language.
  • **Metadata Deployment**: Retrieve and deploy metadata between orgs, enabling AI-assisted development workflows. Push code changes, configuration updates, and customizations from sandboxes to production.
  • **Permission and Security Management**: Assign permission sets to users, manage org-level access configurations, and enforce security policies. Directly controls who can access what data within the Salesforce ecosystem.
  • **SOQL Query Execution**: Run arbitrary SOQL queries against connected orgs, enabling AI assistants to extract business intelligence, generate reports, and answer complex questions about CRM data in real time.
  • **Code Analysis and Compliance**: Run static code analysis using Salesforce Code Analyzer, checking for best practices, security vulnerabilities, and performance issues in AI-assisted development workflows.
  • **Multi-Org Management**: List and switch between connected Salesforce orgs, supporting teams that manage multiple environments (production, sandbox, developer orgs) from a single AI conversation.

Capabilities

Salesforce MCP exposes 11 tools for AI agents. 3 require approval.

By operation type: 5 Read, 3 Write, 1 Delete, 2 Execute.

| Tool | Description | Operation | Risk | Approval |
|------|-------------|-----------|------|----------|
| sf_list_all_orgs | Lists all connected Salesforce orgs | Read | Low | Not required |
| sf_get_username | Retrieves org username or alias | Read | Low | Not required |
| sf_retrieve_metadata | Pulls metadata from a connected org | Read | Medium | Not required |
| sf_deploy_metadata | Pushes local metadata to an org | Execute | High | Required |
| sf_assign_permission_set | Assigns permission sets to users | Write | High | Required |
| run_code_analyzer | Static code analysis for best practices, security, performance | Execute | Medium | Not required |
| describe_code_analyzer_rule | Gets rule details (engine, severity, tags) | Read | Low | Not required |
| sf_run_soql | Executes SOQL queries against org data | Read | Medium | Not required |
| sf_create_record | Creates a new Salesforce record | Write | Medium | Not required |
| sf_update_record | Updates an existing Salesforce record | Write | Medium | Not required |
| sf_delete_record | Deletes a Salesforce record | Delete | High | Required |

Use Cases

Strategy-Aligned Use Cases

AI-Assisted Pipeline Management

AI assistants query the opportunity pipeline, identify stalled deals, update stage progression, and flag accounts requiring executive attention — all aligned with revenue targets and strategic growth initiatives.

Automated Compliance Auditing

Run code analysis across org metadata to identify security vulnerabilities, check for compliance with internal coding standards, and generate audit-ready reports of configuration changes.

Cross-System Data Enrichment

Combine Salesforce CRM data with signals from other tools (Slack conversations, GitHub activity, marketing campaigns) to build enriched account profiles that inform strategic account planning.

Permission Governance at Scale

Audit and manage permission set assignments across large organizations, ensuring access controls stay aligned with role changes, team restructuring, and compliance requirements.

Considerations

Before You Adopt
  • **Critical Write Operations**: Salesforce MCP includes high-impact write operations — deploying metadata to production, deleting records, and assigning permission sets — that can immediately affect live business systems serving thousands of users.
  • **Customer Data Sensitivity**: Salesforce typically contains PII (names, emails, phone numbers), financial data (deal values, contract terms), and strategic information (pipeline forecasts, account plans). AI access requires role-based scoping aligned with data classification policies.
  • **Production vs. Sandbox Isolation**: The multi-org capability means an AI assistant could potentially execute operations against production when intending sandbox work. Clear org-level access controls and environment indicators are essential.
  • **Compliance and Audit Requirements**: Industries like healthcare (HIPAA), finance (SOX), and government (FedRAMP) impose strict requirements on who and what can access CRM data. All AI-initiated Salesforce operations must be logged with full traceability.
  • **API Rate Limits and Throttling**: Salesforce enforces strict API limits that vary by edition and license type. High-volume AI workflows can exhaust daily API allocations, impacting other integrations and user operations.

Stratafy Fit

Integration Potential
5/5

Salesforce MCP is a top-tier governance target for Stratafy. As the most widely used enterprise CRM, it holds an organization's most sensitive customer, revenue, and strategic data. AI agents with ungoverned Salesforce access pose significant risks: accidental record deletion, unauthorized data exports, production metadata deployments, and permission escalation. Stratafy provides essential controls — role-based function scoping (read-only for analysts, write access for managers, deploy access for admins), approval workflows for high-risk operations like metadata deployment and record deletion, and comprehensive audit trails that satisfy SOX, HIPAA, and FedRAMP compliance requirements. The breadth of Salesforce MCP (60+ tools) and its high risk classification make it one of the most valuable connectors to govern.

© 2026 Stratafy. All rights reserved.