Skip to content

Configure Your MCP Client

Jump to bottom
Ross Belmont edited this page Oct 13, 2025 · 16 revisions

You’ll need an MCP client to connect to the Salesforce hosted MCP server. Many MCP clients are available, and SDKs exist to create your own using widely-available LLMs. It is beyond the scope of this documentation to capture detailed setup information for every MCP client, so you may need to contact the vendor that supports your chosen client for details on which authentication options supported and how to configure them. The MCP clients listed here have been tested by Salesforce.

Note: if you're having trouble authenticating via the steps below, make sure to follow the previous steps to Log Into Your Target Org.

Optional: Install Node and MCP Remote

Some applications can be configured to work with the Salesforce hosted MCP server with the help of the mcp-remote package and Node.js. The use of this locally-installed software works around limitations of the MCP client apps that do not support the full range of authentication options.

If you choose this path, install those packages as per their instructions from the respective web sites, and verify the installation via the command line or Terminal using the commands node -v and npm -v. (Each one should return successfully and show the version number of the installed software.)

Note on the Security of mcp-remote

Important note: mcp-remote acts as a proxy for every MCP request, so be sure that you are comfortable using that software as part of your configuration. Understand that you do so at your own risk. Since it is open source, you have the option of inspecting the mcp-remote code directly. If you are not comfortable or confident in that open source option, select a different client that supports the required authentication—but be aware that it may require a paid account or license.

Postman

Postman can be configured to authenticate with the Salesforce hosted MCP server using OAuth 2.0 with PKCE (Proof Key for Code Exchange).

  • Open Postman and create a new request
  • Click the icon next to the label Untitled Request and select MCP
  • In the main text input below the Untitled Request label, switch the dropdown value from STDIO to HTTP and paste the URL of your chosen MCP server. To assemble the URL, and substitute the SERVER-NAME from the list of available servers as appropriate. Also, note that the first part of the URL is different if you're using a Developer org versus a scratch org or sandbox.
  • Navigate to the Authorization tab
  • Set Auth Type to OAuth 2.0
  • Set Add authorization data to to Request Headers
  • Click Configure New Token in the right-hand pane and enter the following values:
    • Token Name: Enter a descriptive name (example: Postman Sandbox)
    • Grant Type: Select Authorization Code (With PKCE)
    • Callback URL: leave the callback URL in place, and be sure it matches the callback URL in the External Client App.
      • As of this writing, the callback URL for Postman is https://oauth.pstmn.io/v1/callback, and the callback URL for the web browser version of Postman is https://oauth.pstmn.io/v1/browser-callback. Consult Postman's documentation if you're unsure.
      • Check the box for Authorize using browser
    • Auth URL: Enter the authorization URL, and note that the URL is different if you're using a Developer org versus a scratch org or sandbox.
      • For a Developer org, use https://login.salesforce.com/services/oauth2/authorize.
      • For scratch or sandbox orgs, use https://test.salesforce.com/services/oauth2/authorize.
    • Access Token URL: Enter the token URL, and note that the URL is different if you're using a Developer org versus a scratch org or sandbox.
      • For a Developer org, use https://login.salesforce.com/services/oauth2/token.
      • For scratch or sandbox orgs, use https://test.salesforce.com/services/oauth2/token.
    • Client ID: Paste the consumer key that you saved from the external client app.
    • Client Secret: Leave this blank. (Using PKCE enables you to omit the client secret).
    • Code Challenge Method: Select SHA-256.
    • Code Verifier: Leave blank (automatically generated).
    • Scope: api sfap_api refresh_token einstein_gpt_api
    • State: Leave blank.
    • Client Authentication: Select Send client credentials in body.
  • Click Get New Access Token. A browser window opens for Salesforce authentication.
  • Log in with your Salesforce credentials if needed, and authorize the application when prompted.
    • Note: you may need to enable pop-up windows in your browser.
  • When you return to Postman, click the Use Token button if presented with the Manage Access Tokens modal window so that Postman can capture and use the token.

You can now test the connection to the MCP server using Postman's request features. If you’re interested in this, jump to this next step.

Claude

Since Anthropic authored the MCP specification, Claude has strong support for the MCP protocol and works well for developer testing. The paid versions of Claude are easiest to configure, though developer modes exist that can work with a free account—as long as you also install Node and mcp-remote.

Paid Versions of Claude

In paid versions of Claude, you use connectors to connect the client to MCP servers. This does not require any software to be installed locally.

  1. Go to Settings | Connectors, then
    1. If you’re on a Team or Enterprise plan, select Organization connectors.
  2. Click Add custom connector.
  3. Enter a name for the connector.
  4. Enter the server URL, and substitute the SERVER-NAME from the list of available servers as appropriate. Also, note that the first part of the URL is different if you're using a Developer org versus a scratch org or sandbox.
    1. For a Developer org, use https://api.salesforce.com/platform/mcp/v1-beta.2/SERVER-NAME.
    2. For scratch or sandbox orgs, use https://api.salesforce.com/platform/mcp/v1-beta.2/sandbox/SERVER-NAME.
    3. Example: to use the sobject-all server in a scratch org, enter https://api.salesforce.com/platform/mcp/v1-beta.2/sandbox/platform/sobject-all.
  5. In Advanced settings, paste the consumer key you copied from the external client app in OAuth Client ID, then click Add.
  6. Click Connect next to the connector you created.
    1. Claude will redirect to the org containing the External Client App created in the previous step. If you’ve logged in already, the user challenge is skipped and the flow proceeds forward, obtaining an access token and sending it back to Claude.

If authentication completed successfully, you can also click Configure to configure the tools available in the MCP server you’ve chosen, allowing you to adjust permission settings.

Using Claude Desktop in Developer Mode

Claude Desktop can be configured using an extension, which makes it easier to specify the options needed to authenticate.

Note: this option requires Node and mcp-remote to be installed. See the security note above re: the implications of doing this.

  1. Download salesforce-hosted-mcp-servers.mcpb from this GitHub repository. This is the extension for Salesforce Hosted MCP Servers.
  2. Double-click the salesforce-hosted-mcp-servers.mcpb file. The Claude desktop client opens and shows the Salesforce extension.
  3. Click Install.
  4. Enter the URL of the desired server in Server URL, and substitute the SERVER-NAME from the list of available servers as appropriate. Also, note that the first part of the URL is different if you're using a Developer org versus a scratch org or sandbox.
    1. For a Developer org, use https://api.salesforce.com/platform/mcp/v1-beta.2/SERVER-NAME.
    2. For scratch or sandbox orgs, use https://api.salesforce.com/platform/mcp/v1-beta.2/sandbox/SERVER-NAME.
    3. Example: to use the sobject-all server in a scratch org, enter https://api.salesforce.com/platform/mcp/v1-beta.2/sandbox/platform/sobject-all.
  5. In Consumer Key, paste the consumer key that you saved from the external client app, then click Save. A toggle to enable the extension appears.
  6. Enable the extension using the toggle.
    1. If you encounter an error, quit and restart Claude.

You can now test the client’s connection to the MCP server using Claude’s chatbot features.

Cursor (Developer Mode)

Cursor is an AI-driven code editor that supports MCP.

Note: this option requires Node and mcp-remote to be installed, since it is not possible to supply the Client ID in the configuration any other way. See the security note above re: the implications of doing this.

  1. Select Cursor | Settings | Cursor Settings | MCP
  2. Click New MCP Server. This creates a file called mcp.json.
  3. Replace the contents of mcp.json file with this code.
{
    "mcpServers": {
        "Salesforce": {
            "command": "npx",
            "args": [
                "-y",
                "[email protected]",
                "https://api.salesforce.com/platform/mcp/v1-beta.2/SERVER-NAME",
                "8080",
                "--static-oauth-client-info",
                "{\"client_id\":\"CONSUMER-KEY\",\"client_secret\":\"\"}"
            ]
        }
    }
}
  1. Replace placeholder values in the mcp.json file.
    1. If you're connecting to a scratch or sandbox org, change the URL to https://api.salesforce.com/platform/mcp/v1-beta.2/sandbox/SERVER-NAME.
    2. Replace SERVER-NAME with a server name from the list of available servers.
    3. Replace CONSUMER-KEY with the consumer key that you saved from the external client app.

This example mcp.json file is configured to connect Cursor to the sobject-all server in a Developer org.

{
    "mcpServers": {
        "Salesforce": {
            "command": "npx",
            "args": [
                "-y",
                "[email protected]",
                "https://api.salesforce.com/platform/mcp/v1-beta.2/platform/sobject-all",
                "8080",
                "--static-oauth-client-info",
                "{\"client_id\":\"123my456consumer7890key\",\"client_secret\":\"\"}"
            ]
        }
    }
}

You can now test the client's connection to the MCP server using Cursor’s sidebar. The sidebar uses a natural language chatbot-style interface.

Troubleshooting with Cursor

MCP is early in its evolution, and different clients have different levels of maturity. If you run into trouble with Cursor, try the following:

  • Quit and restart Cursor; that can help the process it uses to recognize the server and its tools.
    • Force quit if necessary.
  • Toggle the server on Cursor’s MCP Servers settings page a few times, waiting a few minutes in between each toggle.
  • Clear the local auth cache by executing rm -rf ~/.mcp-auth on the command line or in Terminal.

Next Step

Next, you will test your MCP client.

Clone this wiki locally