Expose selected Salesforce data, SOQL queries, flows, Apex actions, Agentforce agents, prompt templates and other org assets under Salesforce authentication and permissions
Salesforce Sales Cloud / Platform
Curated anchor platform in crm and enterprise application platform with material relevance to the Marcom operating stack and a first-party developer surface.
Concrete capability record
Data, retrieval, actions, identity, and operating limits
A field-by-field summary of what the reviewed first-party references actually support. Publisher update dates and BYO-UI review dates are shown separately below.
Expose selected Salesforce data, SOQL queries, flows, Apex actions, Agentforce agents, prompt templates and other org assets under Salesforce authentication and permissions
Salesforce Sales Cloud / Platform's first-party MCP/agent surface includes state-changing tools in the documented capability area: Expose selected Salesforce data, SOQL queries, flows, Apex actions, Agentforce agents, prompt templates and other org assets under Salesforce authentication and permissions. The audit did not enumerate every mutation; verify the current tool catalog and require explicit confirmation for consequential actions.
For Salesforce Sales Cloud / Platform, the audited authentication model is: Authentication model is documented by the vendor; inspect the cited source before implementation. The effective permission model is: Existing vendor identity, account, tenant, and permission controls should be treated as the authorization boundary. Reconfirm the cited first-party source before implementation.
Require explicit human confirmation for costly, externally visible, destructive, or hard-to-reverse actions. Salesforce-hosted MCP servers became GA in April 2026. Profile must distinguish customer-configured org servers from Salesforce DX MCP, specialized product servers, Agentforce clients and MuleSoft infrastructure.
Salesforce-hosted MCP servers became GA in April 2026. Profile must distinguish customer-configured org servers from Salesforce DX MCP, specialized product servers, Agentforce clients and MuleSoft infrastructure.
First-party access
Documented surfaces
Agent access
MCP and adjacent posture
Role: provider
Read scope: Expose selected Salesforce data, SOQL queries, flows, Apex actions, Agentforce agents, prompt templates and other org assets under Salesforce authentication and permissions
Write scope: State-changing tools are present in the documented scope; review the official tool catalog and require confirmation for consequential actions.
Authentication: Authentication model is documented by the vendor; inspect the cited source before implementation.
Approval boundary: Require explicit human confirmation for costly, externally visible, destructive, or hard-to-reverse actions.
Confirm the current tool catalog, plan, region, scopes, rate limits, terms, and write behavior before implementation.
Editorial assessment
Access-maturity dimensions
A comparative architecture lens—not a quality score, market ranking, or buying recommendation. Scale: 1–5.
Proposed interfaces
What customers could build on top.
These are design proposals derived from documented access—not claims that Salesforce ships these experiences.
Single-platform patterns
- Account, pipeline, service, and workflow cockpit
- Account journey room
- Pipeline-quality debugger
- Customer expansion cockpit
Multi-platform compositions
- Salesforce Sales Cloud / Platform + marketing or intent platform: account journey room
- Salesforce Sales Cloud / Platform + conversation or support system + analytics or warehouse: cross-system decision workspace
Evidence and dates
First-party references, with publisher and review dates separated
“Publisher updated” is shown only when the page exposes an update date. “BYO-UI reviewed” records when this research checked the reference. A missing publisher date is reported as missing—not replaced with the review date.
7 recorded sources
Salesforce-hosted MCP servers became GA in April 2026. Profile must distinguish customer-configured org servers from Salesforce DX MCP, specialized product servers, Agentforce clients and MuleSoft infrastructure.
- Publisher updated
- Not stated by publisher
- BYO-UI reviewed
- Jul 10, 2026
Targeted first-party MCP/agent-role review; broader API inventory retained
First-party MCP documentation or product announcement recorded for this platform.
- Publisher updated
- Not stated by publisher
- BYO-UI reviewed
- Jul 10, 2026
Inventory source: structurally normalized; content was not individually reopened in this pass.
First-party API reference or API overview recorded for this platform.
- Publisher updated
- Not stated by publisher
- BYO-UI reviewed
- Jul 10, 2026
Inventory source: structurally normalized; content was not individually reopened in this pass.
First-party developer documentation or platform overview.
- Publisher updated
- Not stated by publisher
- BYO-UI reviewed
- Jul 10, 2026
Inventory source: structurally normalized; content was not individually reopened in this pass.
First-party webhook, event, SDK, embedded-app, or extension documentation.
- Publisher updated
- Not stated by publisher
- BYO-UI reviewed
- Jul 10, 2026
Inventory source: structurally normalized; content was not individually reopened in this pass.
First-party product homepage used to confirm product identity and current positioning.
- Publisher updated
- May 28, 2026
- BYO-UI reviewed
- Jul 10, 2026
Inventory source: structurally normalized; content was not individually reopened in this pass.
Salesforce Hosted MCP SObject servers expose SOQL query tools over standard and custom objects. Per-user OAuth, field-level security, object permissions, sharing rules, enabled server scope, query limits, and…
- Publisher updated
- Not stated by publisher
- BYO-UI reviewed
- Jul 10, 2026
Targeted first-party access review
Verified fact
Tied to the representative first-party source or targeted access review.
Source inventory
Official links recorded for deeper research but not necessarily reopened endpoint by endpoint.
Editorial assessment
System role, maturity interpretation, and architectural boundary.
Proposed design
Interface patterns and compositions—not vendor product claims.