How do I use Salesforce MCP Server?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@Salesforce MCP Server find all high-value opportunities closing this month" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

Salesforce MCP Server

Setup

uv venv .venv
uv pip install --python .venv/bin/python -e .

Configuration

Set environment variables for authentication:

Username/Password (default):

SALESFORCE_USERNAME=your-username
SALESFORCE_PASSWORD=your-password
SALESFORCE_SECURITY_TOKEN=your-token
SALESFORCE_DOMAIN=login          # or "test" for sandbox

Note: SOAP API login is disabled by default in newer Salesforce orgs. To enable it:
Go to Setup → Quick Find → User Interface
Under API Settings, enable Enable SOAP API login()
Click Save

OAuth (alternative, recommended for enterprise):

SALESFORCE_ACCESS_TOKEN=your-token
SALESFORCE_INSTANCE_URL=https://your-instance.salesforce.com

Access Mode

Control which tools are available by setting SALESFORCE_ACCESS_MODE:

Value	Tools Available	Use Case
`read`	list_objects, describe_object, run_soql_query, run_sosl_search, get_record	Safe exploration, reporting, read-only integrations
`read_write`	All read tools + create_record, update_record	Day-to-day CRM operations
`all` (default)	All tools including delete_record, tooling_execute, apex_execute, restful	Full API access

Recommended Security Levels

Environment	Recommended Mode	Rationale
Production (end users)	`read`	Prevents accidental data modification
Production (trusted ops)	`read_write`	Allows CRM data entry, blocks deletes and raw API
Sandbox / Development	`all`	Full access for testing and development
Demo / Exploration	`read`	Safe for exploring org structure and data

Set it in your environment or MCP server config:

SALESFORCE_ACCESS_MODE=read

Tip: When using this server with MintMCP, you can configure fine-grained per-tool permissions directly in MintMCP instead of using the env var. This gives you more granular control (e.g., allow create but not update) without needing to restart the server.

Tool Permissions by Access Mode

MCP tool annotations (readOnlyHint, destructiveHint) are set on each tool so MCP clients can enforce additional policies:

Tool	Access Mode	readOnlyHint	destructiveHint	openWorldHint
`list_objects`	read	true	—	—
`describe_object`	read	true	—	—
`run_soql_query`	read	true	—	—
`run_sosl_search`	read	true	—	—
`get_record`	read	true	—	—
`create_record`	read_write	false	—	—
`update_record`	read_write	false	—	—
`delete_record`	all	false	true	—
`tooling_execute`	all	false	—	true
`apex_execute`	all	false	—	true
`restful`	all	false	—	true

Run

.venv/bin/python -m salesforce_mcp

Tools

Tool	Description
`list_objects`	List all Salesforce objects in the org (with optional search filter)
`describe_object`	Get fields, relationships, picklist values, and record types for an object
`run_soql_query`	Execute a SOQL query
`run_sosl_search`	Cross-object full-text search via SOSL
`get_record`	Get a single record by ID
`create_record`	Create a new record
`update_record`	Update fields on an existing record
`delete_record`	Permanently delete a record
`tooling_execute`	Salesforce Tooling API (metadata, Apex classes, custom fields)
`apex_execute`	Call custom Apex REST endpoints
`restful`	Generic Salesforce REST API call