Ross Belmont edited this page Apr 10, 2026 · 3 revisions

What changed from beta to GA?

Three things changed:

  1. URL version: v1-beta.2 → v1
  2. OAuth scopes: The four beta scopes (api, sfap_api, refresh_token, einstein_gpt_api) are replaced by two: mcp_api and refresh_token
  3. Server activation: The single org-wide beta toggle is replaced by per-server activation in Setup → API Catalog → MCP Servers. Servers are disabled by default — an admin must explicitly enable each one.

For the full migration guide, see the official Beta to GA Transition documentation.

Which server should I start with?

  • platform/sobject-reads for safe exploration. Read-only — no risk of modifying data. Ideal for initial evaluation, sandbox testing, and building confidence.
  • platform/sobject-all for full access. Read, write, and delete capabilities. Also includes prompt templates (currently usable in Claude and Cursor), which provide structured starting points for common tasks like Account Review Briefings.

For the complete list of servers and their tools, see the official servers reference.

Can I use a Connected App?

No. External Client Apps (ECAs) only. Connected Apps are a legacy construct and are not supported for MCP authentication. ECAs are the successor to Connected Apps, designed around current security patterns such as PKCE and stricter scope management.
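As an added example (not code from this wiki or from Salesforce), the following Python sketch shows the client side of what the two answers above describe: an RFC 7636 PKCE verifier/challenge pair, an authorization request that carries exactly the two GA scopes (mcp_api and refresh_token), and a check that flags a client configuration still using a v1-beta.* URL segment or the retired beta scopes. The `/services/oauth2/authorize` and `/services/oauth2/token` paths are Salesforce's standard OAuth 2.0 endpoints; the My Domain host, client ID, redirect URI and the MCP server URL shape used in the demo are placeholders, not values from the page.

```python
"""PKCE authorization request for an External Client App using the GA MCP scopes.

Added example, not from the wiki or from Salesforce. Placeholders are marked.
"""
import base64
import hashlib
import secrets
from typing import Dict, List, Tuple
from urllib.parse import urlencode, urlparse

# Scope names taken from the wiki. Beta-only scopes are rejected after GA.
GA_SCOPES = {"mcp_api", "refresh_token"}
BETA_ONLY_SCOPES = {"api", "sfap_api", "einstein_gpt_api"}

# Standard Salesforce OAuth 2.0 endpoint paths (relative to the org's My Domain).
AUTHORIZE_PATH = "/services/oauth2/authorize"
TOKEN_PATH = "/services/oauth2/token"


def pkce_pair(verifier: str = "") -> Tuple[str, str]:
    """Return (code_verifier, code_challenge) using the S256 method of RFC 7636."""
    if not verifier:
        # 32 random bytes -> 43-char base64url string (RFC 7636 allows 43..128 chars).
        verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge


def check_migration(server_url: str, scopes: List[str]) -> List[str]:
    """Return the problems found in a client config that may still use beta settings."""
    problems = []
    segments = urlparse(server_url).path.split("/")
    if any(seg.startswith("v1-beta") for seg in segments):
        problems.append("server URL still has a v1-beta.* path segment; GA uses v1")
    stale = sorted(BETA_ONLY_SCOPES.intersection(scopes))
    if stale:
        problems.append("beta scopes no longer accepted: " + ", ".join(stale))
    unknown = sorted(set(scopes) - GA_SCOPES - BETA_ONLY_SCOPES)
    if unknown:
        problems.append("scopes not defined for MCP: " + ", ".join(unknown))
    if "mcp_api" not in scopes:
        problems.append("mcp_api scope is required for GA")
    return problems


def build_authorize_url(my_domain: str, client_id: str, redirect_uri: str,
                        challenge: str, state: str) -> str:
    """Authorization Code + PKCE request with the two GA scopes, nothing more."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(sorted(GA_SCOPES)),  # "mcp_api refresh_token"
        "code_challenge": challenge,
        "code_challenge_method": "S256",
        "state": state,  # bound to the browser session to stop login CSRF
    }
    return f"https://{my_domain}{AUTHORIZE_PATH}?{urlencode(params)}"


def token_request_body(code: str, verifier: str, client_id: str, redirect_uri: str) -> Dict[str, str]:
    """Form body for the code exchange; the verifier proves we started this flow."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "code_verifier": verifier,
    }


if __name__ == "__main__":
    # Placeholder values; the URL shape below is constructed, not a documented endpoint.
    beta_cfg = ("https://example.invalid/mcp/v1-beta.2/platform/sobject-reads",
                ["api", "refresh_token"])
    ga_cfg = ("https://example.invalid/mcp/v1/platform/sobject-reads",
              ["mcp_api", "refresh_token"])
    for url, scopes in (beta_cfg, ga_cfg):
        print(url, check_migration(url, scopes) or "ok")

    verifier, challenge = pkce_pair()
    state = secrets.token_urlsafe(16)
    print(build_authorize_url("acme.my.salesforce.com", "PLACEHOLDER_CONSUMER_KEY",
                              "http://localhost:8080/callback", challenge, state))
    print(token_request_body("CODE_FROM_REDIRECT", verifier,
                             "PLACEHOLDER_CONSUMER_KEY", "http://localhost:8080/callback"))
```

Run `check_migration` over each MCP client configuration before switching to GA: a config that passes still needs the target server enabled by an admin under Setup → API Catalog → MCP Servers, which this script cannot verify.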

Do I need to install anything locally?

It depends on the client:

  • Postman, Claude (web), ChatGPT: No local installation needed. These are web-based or have native cloud support.
  • Cursor, Claude Desktop: Requires a local application install.

Important: The mcp-remote npm library (used by some MCP clients to bridge STDIO to HTTP) is not supported. If a client requires mcp-remote to connect to a remote MCP server, we do not support that configuration. Use clients with native OAuth/HTTP MCP support, or work with the client vendor to explore alternatives.

Does MCP use an LLM on the Salesforce side?

No. The MCP server's processing is deterministic: it receives structured tool calls and returns the matching data. No language model processes requests or responses on the Salesforce side; the LLM runs entirely on the client (Claude, ChatGPT, etc.).

This is an important distinction. When you call a tool in Postman, you're making a direct API call to Salesforce. The intelligence comes from the client, not the server.

What permissions does the agent have?

The external agent gets the same permissions as the human who authenticates — no more, no less. This includes:

  • Object-level access (CRUD)
  • Field-level security (FLS)
  • Record sharing rules
  • Record-level security

If the user can't do it in the Lightning UI or via the REST API, they can't do it via MCP. If the agent updates a record, the authenticated user's name appears in the audit trail as the editor.

Want to give the agent less access than the user normally has? See Security and Permissions for strategies such as read-only servers, Named Queries, and custom Apex tools.

Can I restrict which tools are available?

Yes. Three approaches, in order of simplicity:

  1. Choose a more restrictive standard server — Use platform/sobject-reads instead of platform/sobject-all to eliminate write operations entirely.
  2. Create a custom server — Bundle only the tools you want into a custom MCP server with exactly the capabilities you need.
  3. Restrict at the ECA level — Use profile and permission set assignments on the External Client App to control which users can authenticate through which clients.
