ooligo
mcp-server

MCP server exposing Salesforce read and write to Claude

Difficulty: advanced
Setup time: 90min
For: revops · gtm-engineer

An MCP server that gives Claude scoped read and write access to Salesforce, with permission tiers, audit logging, and a hard cap on bulk writes. Drop it in front of Claude Code or Claude.ai and your team can ask “show me all stuck deals over fifty thousand and update their close dates” without leaving the chat.

What you’ll need

  • A Salesforce Connected App with API and refresh-token scopes
  • A host that can run a long-lived process (Node, Python, or your container of choice)
  • Claude Code, Claude Desktop, or any MCP-aware client
  • A permission policy doc agreed with your security team

Setup

  1. Spin up the server. The reference implementation is a Node MCP server with three tool families: query, read_record, and write_record. Clone it, install dependencies, and set environment variables for the Connected App credentials.
  2. Define the permission policy. A YAML file lists which objects are readable, which fields are writable, and which operations require an explicit confirmation step. Default policy is read-only. Writes require an allowlist.
  3. Add the server to your MCP client. In Claude Code, add an entry to your client config pointing at the local process. The server announces its tools on startup.
  4. Wire audit logging. Every tool call produces a structured log entry: user, tool, arguments, result hash. Pipe to your logging stack of choice. This is non-negotiable for write operations.
  5. Test with read-only first. Run “show me my pipeline” before “update fifty deals.” Confidence comes from a few weeks of read-only operation.

How it works

The MCP server translates Claude tool calls into Salesforce SOQL queries and REST calls. Reads go through the policy filter and return JSON. Writes go through a confirmation step: the server returns a “would-do” preview, Claude shows it to the user, the user confirms, the server commits.

Bulk writes are special. The server hard-caps any update operation at twenty-five records by default. Larger operations require a separate bulk_write tool that is off by default and only enabled for specific user identities.

Watch-outs

  • Audit logging is mandatory. If a write tool runs without a corresponding log entry, the server should fail closed. Do not ship without this guard.
  • Field-level security drift. Salesforce permissions change. The server’s policy file can fall out of sync. Run a weekly job that diffs the policy against current FLS and alerts on mismatch.
  • Token rotation. Refresh tokens expire. Build the rotation flow before launch, not after the first 401.
  • Confirmation UX. The “would-do” preview must be unambiguous. “Update fifty deals” is not enough; show the IDs and the field-level diff.
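
The write path from "How it works" combined with the audit and confirmation watch-outs, as an added sketch that is not the reference implementation's code: allowlist check, the 25-record cap, a preview with IDs and field-level diff, and a commit that refuses to run if the audit entry cannot be written. The policy object shape, function names, record IDs and the audit/update stand-ins are assumptions; the audit entry is written before the commit, so it carries user, tool and arguments (a result hash would go in a follow-up entry).

```javascript
// Added example. POLICY shape, names and sample records are assumptions;
// the 25-record cap is the page's stated default.
const POLICY = { writable: { Opportunity: ["CloseDate", "StageName"] }, maxRecords: 25 };

// Build the "would-do" preview: record IDs plus field-level diff. Nothing is committed here.
function previewWrite(policy, object, current, changes) {
  // Objects missing from the policy stay read-only.
  const allowed = Object.hasOwn(policy.writable, object) ? policy.writable[object] : [];
  const ids = Object.keys(changes);
  if (ids.length === 0) throw new Error("refused: no records in request");
  if (ids.length > policy.maxRecords)
    throw new Error(`refused: ${ids.length} records exceeds cap of ${policy.maxRecords}`);
  const diff = [];
  for (const id of ids) {
    if (!Object.hasOwn(current, id)) throw new Error(`refused: unknown record ${id}`);
    for (const [field, to] of Object.entries(changes[id])) {
      if (!allowed.includes(field))
        throw new Error(`refused: ${object}.${field} is not in the write allowlist`);
      if (current[id][field] !== to) diff.push({ id, field, from: current[id][field], to });
    }
  }
  return { object, diff };
}

// Commit only if the user confirmed exactly this diff AND the audit entry was written.
function commitWrite(policy, user, object, current, changes, confirmed, audit, sfUpdate) {
  const preview = previewWrite(policy, object, current, changes); // re-check policy at commit time
  if (JSON.stringify(preview) !== JSON.stringify(confirmed))
    throw new Error("refused: confirmed preview does not match the requested change");
  try {
    audit({ user, tool: "write_record", arguments: preview }); // log before touching Salesforce
  } catch (err) {
    throw new Error(`refused: audit log unavailable (${err.message})`); // fail closed
  }
  return sfUpdate(object, preview.diff);
}

// Constructed sample data, with stand-ins for the log sink and the Salesforce REST call.
const current = { "006A": { CloseDate: "2024-03-01", Amount: 60000 } };
const changes = { "006A": { CloseDate: "2024-06-30" } };
const log = [];
const fakeUpdate = (object, diff) => diff.map((d) => d.id);

const preview = previewWrite(POLICY, "Opportunity", current, changes);
console.log(preview.diff); // what the user is asked to confirm
console.log(commitWrite(POLICY, "ana", "Opportunity", current, changes, preview, (e) => log.push(e), fakeUpdate));
```

Passing a throwing function as the audit argument shows the fail-closed path: the update stand-in is never called.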

Stack

  • Salesforce — system of record
  • MCP server — translation, policy, and audit layer
  • Claude — natural-language interface, tool caller