Set Up Your Org

Before AI clients can connect to your Salesforce org through MCP, you need to configure authentication and access. This setup process is a one-time configuration that enables any MCP-compatible client to connect securely using OAuth 2.0.

External Client App — Register your MCP client as an OAuth application in Salesforce. This provides the authentication credentials that clients use to connect to your org.

OAuth Scopes — Grant the permissions needed for MCP servers to access Salesforce data and operations on behalf of authenticated users.

Security Settings — Enable Proof Key for Code Exchange (PKCE) and JWT-based tokens to ensure secure, standards-based authentication.

• You need System Administrator or equivalent permissions to create an External Client App in Setup.
• Identify which MCP client you'll be connecting (Claude, ChatGPT, Cursor, Postman, or another MCP-compatible tool). You'll need to configure the callback URL specific to your client.

Start by creating an External Client App to register your MCP client with Salesforce.