Agentic Control Plane

How to Connect Salesforce to Claude Desktop in 5 Minutes

David Crowe · 7 min read
mcp architecture

What if you could ask Claude about your pipeline, closed deals, or contact history — and get real answers from live Salesforce data?

Not a copy-paste from a dashboard. Not an export you uploaded yesterday. A direct connection to your CRM that lets you query contacts, summarize pipeline stages, and pull deal details in natural language — from inside Claude Desktop.

This is possible today with ACP (Agentic Control Plane) acting as the MCP gateway between Claude Desktop and Salesforce. ACP handles the identity verification, OAuth token management, audit logging, and data governance so you don’t have to build a custom Salesforce MCP server yourself.

Here’s how to set it up. Total time: about five minutes.


What you need

  • An ACP Cloud account — free tier works, no credit card required
  • A Salesforce account — any edition (Developer, Professional, Enterprise)
  • Claude Desktop installed (download from Anthropic if you haven’t already)

That’s it. No local server to run, no Docker containers, no API keys to generate manually.


Step 1: Create your ACP workspace

Sign up at cloud.agenticcontrolplane.com. You’ll create a workspace during onboarding — this is the namespace for your connectors, policies, and audit logs.

Pick a workspace slug you’ll recognize (e.g., acme-sales). This becomes part of your MCP endpoint URL, so keep it short and lowercase.

Once you’re in the dashboard, you’ll see the Data page listing available connectors. Salesforce is one of them.


Step 2: Connect Salesforce

Navigate to the Data page in the ACP dashboard. Find Salesforce in the connector list and click Connect.

This kicks off a standard OAuth 2.0 flow:

  1. You’re redirected to Salesforce’s login screen
  2. You authenticate with your Salesforce credentials
  3. You authorize ACP to access your Salesforce org
  4. You’re redirected back to the ACP dashboard

ACP stores the OAuth refresh token, not your password. The token is scoped to the permissions you granted and can be revoked from Salesforce at any time. If your org uses SSO or MFA, those requirements are enforced during the OAuth flow — ACP never sees your credentials.

Once connected, the Salesforce connector shows a green status in the dashboard. ACP can now query your Salesforce data on your behalf when Claude makes MCP tool calls.


Step 3: Copy your MCP endpoint URL

Go to Settings in the ACP dashboard. You’ll see your MCP endpoint URL:

https://api.agenticcontrolplane.com/your-workspace

Copy this URL. You’ll paste it into Claude Desktop’s configuration in the next step.

This is a Streamable HTTP MCP endpoint. It serves tool discovery, tool invocation, and streaming responses over a single URL. Claude Desktop connects to it like any other MCP server — but behind this URL, ACP is handling identity, authorization, and routing to your Salesforce org.


Step 4: Add the MCP server to Claude Desktop

Open your Claude Desktop configuration file:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json

Add the ACP server to the mcpServers object:

{
  "mcpServers": {
    "acp": {
      "url": "https://api.agenticcontrolplane.com/your-workspace"
    }
  }
}

Replace your-workspace with the slug you chose in Step 1.

Save the file and restart Claude Desktop. When it starts, Claude will connect to your ACP endpoint and discover the available tools — including the Salesforce tools you just connected.

You should see the tools icon (hammer) in the Claude Desktop input area indicating that MCP tools are available.
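
A check you can run over claude_desktop_config.json after this step, as an added example (not code from ACP or Anthropic). It flags remote MCP entries that are not HTTPS, carry credentials or a query string in the URL, point at a host other than the one shown above, or still use the placeholder slug; the slug pattern and the sample entries are assumptions.

```python
import json
import re
from urllib.parse import urlsplit

EXPECTED_HOST = "api.agenticcontrolplane.com"  # host shown on this page
SLUG_RE = re.compile(r"[a-z0-9-]+")            # assumed slug format

# Constructed sample config: one good entry and two bad ones.
SAMPLE = """{
  "mcpServers": {
    "acp": {"url": "https://api.agenticcontrolplane.com/acme-sales"},
    "acp-old": {"url": "http://api.agenticcontrolplane.com/your-workspace"},
    "typo": {"url": "https://u:p@api.agenticcontrolplane.com.example/acme-sales?key=abc"}
  }
}"""

def audit_mcp_config(config_text):
    """Return (server_name, finding) tuples for remote entries that look risky."""
    findings = []
    for name, entry in json.loads(config_text).get("mcpServers", {}).items():
        url = entry.get("url")
        if url is None:
            continue  # command-based local servers are out of scope here
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append((name, "endpoint is not HTTPS"))
        if parts.username or parts.password:
            findings.append((name, "credentials embedded in URL"))
        if parts.query:
            findings.append((name, "query string present (possible token)"))
        if parts.hostname != EXPECTED_HOST:
            findings.append((name, "unexpected host " + str(parts.hostname)))
        slug = parts.path.strip("/")
        if slug == "your-workspace":
            findings.append((name, "placeholder slug not replaced"))
        elif not SLUG_RE.fullmatch(slug):
            findings.append((name, "slug is not one lowercase path segment"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_mcp_config(SAMPLE):
        print(name + ": " + finding)
```

To check a real install, pass the contents of the config file at the path listed above for your OS to audit_mcp_config.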


Step 5: Start asking questions

Open a new conversation in Claude Desktop and try these:

Pipeline overview:

Show me all deals closing this month with a value over $50K.

Contact lookup:

What's the contact info for Acme Corp? Include the primary contact name, email, and phone.

Stage summary:

Summarize my pipeline by stage. How many deals are in each stage, and what's the total value?

Activity history:

What were the last 5 activities logged against the Globex account?

Custom reports:

Compare Q1 closed-won revenue to Q1 last year. Break it down by rep.

Claude sends these as natural language queries. ACP translates them into SOQL queries or Salesforce REST API calls, executes them against your connected org, and returns the results to Claude for summarization. You never write SOQL. You never manage API pagination. You ask a question and get an answer.


What’s happening under the hood

This isn’t just a proxy passing requests to Salesforce. ACP is an identity and governance layer — a control plane — that enforces security policies on every tool call. Here’s what happens each time Claude queries your CRM:

Identity verification. ACP verifies who is making the request. Your MCP session is bound to your authenticated identity, not a shared API key. This means the audit trail shows you asked for Acme Corp’s contact info, not “someone with access to the MCP endpoint.”

Scoped permissions. The Salesforce connector respects the OAuth scopes you granted. If you authorized read-only access, write operations are blocked at the control plane — before they reach Salesforce. You can further restrict which objects and fields are queryable from the ACP dashboard.

PII detection. ACP scans data flowing between Claude and Salesforce for sensitive patterns — Social Security numbers, credit card numbers, and other PII. If a Salesforce field contains data that shouldn’t be sent to an LLM, ACP can redact or block it based on your content safety policies.
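
The redact-or-block behaviour described above, sketched as an added example; this is not ACP's implementation. It scans string fields of a record for SSN-shaped and card-shaped values and uses the Luhn checksum so that a 16-digit order reference is not mistaken for a card number. The patterns, policy names and sample record are assumptions.

```python
import re

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Constructed sample record; field names are illustrative.
SAMPLE = {
    "Name": "Acme Corp",
    "Description": "Paid with 4111 1111 1111 1111; SSN on file 123-45-6789.",
    "Order_Ref__c": "1234 5678 9012 3456",  # 16 digits but fails Luhn
    "AnnualRevenue": 5000000,
}

def luhn_ok(digits):
    """Luhn checksum: filters out order numbers that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def redact_text(text):
    """Return (redacted_text, kinds_found) for one string value."""
    kinds = []
    def card_sub(m):
        if not luhn_ok(re.sub(r"\D", "", m.group())):
            return m.group()  # looks like a card but is not one
        kinds.append("card")
        return "[REDACTED-CARD]"
    def ssn_sub(m):
        kinds.append("ssn")
        return "[REDACTED-SSN]"
    text = SSN_RE.sub(ssn_sub, CARD_RE.sub(card_sub, text))
    return text, kinds

def apply_policy(record, policy="redact"):
    """'redact' rewrites string fields; 'block' withholds the whole record."""
    out, hits = {}, []
    for field, value in record.items():
        if isinstance(value, str):
            value, kinds = redact_text(value)
            hits += [(field, k) for k in kinds]
        out[field] = value
    return (None if hits and policy == "block" else out), hits
```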

Rate limiting. Per-user rate limits prevent runaway queries. If a prompt triggers an unexpectedly large number of API calls, ACP enforces the limit before you hit Salesforce API quotas. This protects both your Salesforce API allocation and your LLM token budget.

Token refresh. ACP manages the OAuth token lifecycle automatically. When your Salesforce access token expires, ACP uses the stored refresh token to obtain a new one — no manual intervention, no broken sessions. If the refresh token itself is revoked (say, by a Salesforce admin), ACP surfaces the error clearly so you can re-authenticate.


The audit trail

Every query Claude makes against your Salesforce data is logged. The audit trail captures:

  • Who — the verified identity of the user who sent the prompt
  • What — the specific tool call and parameters (e.g., salesforce.query with the generated SOQL)
  • When — timestamp of the request and response
  • What data was accessed — which objects and records were returned
  • The governance decision — whether the call was allowed, blocked, or modified (e.g., PII redacted)

You can view the audit log from the ACP dashboard. Export it as JSON for your SIEM, compliance reviews, or incident investigations.

This is the part that matters for production use. When your security team asks “who accessed customer data through the AI assistant last Tuesday?” you have a concrete answer — not a guess based on who had the API key.
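
One way to answer that question from an exported log, as an added example that is not ACP's code. The export schema is not given in this article, so every key name in the sample is hypothetical; only the categories (who, what, when, data accessed, decision) come from the list above. It normalises timestamps to UTC before filtering by day, since a local-time entry can belong to a different calendar day.

```python
import json
from collections import defaultdict
from datetime import date, datetime, timezone

# Constructed export. Key names are hypothetical; 2025-03-04 is a Tuesday.
SAMPLE_EXPORT = """[
 {"user": "alice@example.com", "tool": "salesforce.query", "decision": "allowed",
  "timestamp": "2025-03-04T09:12:00+00:00", "objects": ["Contact"], "records": 3},
 {"user": "bob@example.com", "tool": "salesforce.query", "decision": "allowed",
  "timestamp": "2025-03-04T14:30:00+00:00", "objects": ["Opportunity"], "records": 12},
 {"user": "bob@example.com", "tool": "salesforce.query", "decision": "modified",
  "timestamp": "2025-03-04T14:31:10+00:00", "objects": ["Contact", "Account"], "records": 40},
 {"user": "alice@example.com", "tool": "salesforce.query", "decision": "allowed",
  "timestamp": "2025-03-04T23:50:00-05:00", "objects": ["Account"], "records": 1},
 {"user": "carol@example.com", "tool": "salesforce.query", "decision": "blocked",
  "timestamp": "2025-03-04T16:00:00+00:00", "objects": ["Contact"], "records": 0}
]"""

def who_accessed(export_text, day, sensitive=("Contact", "Account")):
    """Per-user summary of calls touching sensitive objects on one UTC day."""
    summary = defaultdict(lambda: {"calls": 0, "records": 0, "blocked": 0, "modified": 0})
    for ev in json.loads(export_text):
        # Normalise to UTC first: a local-time stamp can fall on another day.
        when = datetime.fromisoformat(ev["timestamp"]).astimezone(timezone.utc)
        if when.date() != day or not set(ev["objects"]) & set(sensitive):
            continue
        row = summary[ev["user"]]
        row["calls"] += 1
        if ev["decision"] == "blocked":
            row["blocked"] += 1          # attempted, but no data returned
            continue
        row["records"] += ev["records"]
        if ev["decision"] == "modified":
            row["modified"] += 1         # e.g. PII redacted before delivery
    return dict(summary)

if __name__ == "__main__":
    for user, row in sorted(who_accessed(SAMPLE_EXPORT, date(2025, 3, 4)).items()):
        print(user, row)
```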


Beyond Salesforce

Salesforce is one connector. The same pattern works for any data source ACP supports:

  • GitHub — query repos, issues, pull requests, and code search from Claude
  • Slack — search message history, find conversations, post updates
  • Jira — look up tickets, sprint status, and backlog priorities
  • HubSpot — pull marketing contacts, deal pipelines, and campaign metrics
  • Google Workspace — search Drive files, read documents, query spreadsheets

Each connector follows the same flow: click Connect in the dashboard, complete the OAuth flow, and the tools appear in Claude Desktop automatically. No configuration changes needed in claude_desktop_config.json — your single ACP endpoint serves all connected tools.

The free tier includes up to five connectors. Connect Salesforce, Slack, and Jira, and you have an AI assistant that can cross-reference a deal in your CRM with the support tickets in Jira and the conversation history in Slack — all from one prompt.

This is where the single-endpoint architecture pays off. A typical Salesforce MCP server gives you Salesforce access. A Jira MCP server gives you Jira access. But each one is a separate config entry, a separate auth flow, and a separate trust boundary. With ACP, one endpoint serves all your connectors, all governed by the same identity and policy layer. Claude doesn’t need to know which backend system has the answer — it discovers all available tools from a single MCP endpoint and ACP routes each call to the right connector.

For teams evaluating a Salesforce MCP server specifically, this is the key differentiator: ACP isn’t just connecting Salesforce to Claude. It’s providing the governance layer that makes that connection production-ready — identity-attributed, auditable, policy-enforced, and extensible to every other system your team uses.


Get started

  1. Sign up free at cloud.agenticcontrolplane.com
  2. Connect Salesforce (or any other data source)
  3. Paste your MCP endpoint into Claude Desktop
  4. Start asking questions

No local servers. No custom code. No unaudited API keys floating around in config files. Just a governed connection between your AI assistant and your business data.
