MCP Salesforce Server
vhosted (GA 2026-04-29); DX @salesforce/mcp 0.30.14Salesforce (Official)
Salesforce's official MCP offering. Primary path is Hosted MCP Servers (GA 2026-04-29, included for Enterprise Edition+ and Developer Edition orgs): Salesforce-managed endpoints exposing org data, flows, Apex actions, and Named Query APIs via OAuth with PKCE, enforcing CRUD/FLS/sharing as the authenticated user. Variants: local DX MCP server (@salesforce/mcp, v0.30.x, Apache-2.0) for dev workflows, and the Data 360 MCP server in developer preview (May 2026).
Trust Vector Analysis
Dimension Breakdown
๐Performance & Reliability+
Assessment of hosted-server operation reliability against the underlying Salesforce API platform
Review of tool execution paths for queries, flows, and Apex actions
Analysis of org API limit consumption by MCP tool calls
Managed-infrastructure scalability assessment
Error propagation and recovery behavior review
๐ก๏ธSecurity+
Authentication mechanism review
Access control model analysis
Write-path risk assessment across standard and custom servers
Audit logging review
Default configuration and enablement review
๐Privacy & Compliance+
Data flow analysis of CRM record exposure to the model context
Assessment of mechanisms available to minimize data exposed to agents
Data residency and control boundary analysis
Data sharing analysis
Regulatory exposure assessment for CRM data in agent workflows
๐๏ธTrust & Transparency+
Documentation completeness review
Logging and traceability assessment
Source availability review across the hosted, DX, and Data 360 variants
API coverage documentation review
โ๏ธOperational Excellence+
Setup complexity assessment
Performance assessment against underlying API behavior
Reliability analysis
Feature coverage assessment
Deployment option and edition availability review
- +Salesforce-managed hosted endpoints: no infrastructure to run, scales like the REST APIs (GA 2026-04-29)
- +Org permission model enforced end-to-end: CRUD, field-level security, and sharing rules apply, with every transaction running as the authenticated user
- +OAuth with PKCE plus a dedicated MCP OAuth scope separates agent access from existing API integrations
- +Secure by default: servers disabled until explicitly enabled in Setup, with full audit trails
- +Included at no additional cost for Enterprise Edition+ orgs and Developer Edition
- +Custom servers expose flows, Apex actions, and Named Query APIs as curated tool sets; read-only sobject-reads server available
- +Open-source variants: DX MCP server (@salesforce/mcp, Apache-2.0) for dev workflows and Data 360 MCP server in developer preview
- !CRM PII at scale (contacts, leads, accounts, opportunities) flows into the LLM provider's context
- !Write-capable tools (record CRUD, flows, Apex actions) act with the user's full org permissions - over-permissioned users mean over-permissioned agents
- !Requires Enterprise Edition or above (or Developer Edition); not available on lower editions
- !Admin-driven setup (Setup enablement + External Client App) adds friction versus one-click consumer MCP servers
- !MCP tool calls consume org API request limits
- !Hosted servers are closed source; open-source DX and Data 360 variants cover different scopes (dev tooling, Data 360 APIs) rather than the hosted CRM servers
- !Data 360 MCP server is developer preview only (stdio, Java 17+) and not yet part of the hosted GA lineup
Use Case Ratings
code generation
DX MCP server is purpose-built for Salesforce development workflows (orgs, metadata, testing)
customer support
Strong fit: case, contact, and account context with org permissions enforced
content creation
Useful for CRM-grounded outreach drafting; not a content platform
data analysis
Data 360 SQL and Tableau Next servers plus Named Queries enable governed analytics
research assistant
Good for account research within the org; limited outside CRM data
legal compliance
Strong access controls and audit trails, but CRM PII reaches the LLM provider
healthcare
Health Cloud data routed through agent contexts raises PHI exposure concerns
financial analysis
Governed access to revenue/opportunity data; FLS can shield sensitive fields
education
Applicable for Education Cloud orgs; standard CRM caveats apply
creative writing
Not a fit beyond CRM-personalized copy