Agentic Enterprise - ChatGPT MCP

How to Connect Salesforce with ChatGPT using Hosted MCP Servers

A practical, step-by-step guide to enabling ChatGPT to read, query, and create Salesforce data through the Model Context Protocol, using Salesforce Hosted MCP Servers, External Client Apps, OAuth, and real demo screenshots.

10 min read
Published April 20, 2026
By Shivam Gupta, Salesforce Architect and founder at pulsagi.com
Diagram showing Salesforce connecting to ChatGPT through a Hosted MCP Server with OAuth and secure MCP access

Salesforce data and actions flow to ChatGPT through a Hosted MCP Server, OAuth, and a governed MCP connection.

Introduction

Salesforce Hosted MCP Servers make it possible for AI clients like ChatGPT to connect directly to Salesforce through the Model Context Protocol (MCP). Instead of building middleware or a custom API wrapper, you activate a Salesforce-managed server, create an OAuth-enabled External Client App, and point ChatGPT at the server URL.

The important part is governance. The AI client does not bypass Salesforce security. Tool calls run through Salesforce authentication, object permissions, field-level security, and sharing rules for the user who authorized the connector.

What this enables: after setup, you can ask ChatGPT questions like "Get me the Shivam Gupta Pvt Ltd account information" or "List all Salesforce Accounts in a table" and receive live, structured data from Salesforce.

Prerequisites

Before starting, confirm that the following pieces are available.

Requirement | Details
Salesforce org | A Developer Edition, sandbox, scratch org, or production org where Hosted MCP Servers are available, plus administrator access to Setup.
External Client App access | You need permission to create an External Client App. Salesforce explicitly documents that Connected Apps are not supported for Hosted MCP client authentication.
ChatGPT developer mode | ChatGPT supports MCP servers through developer mode apps/connectors. The UI may refer to this as an app or connector.
MCP server choice | Start with the narrowest server that fits the use case. For read-only tests, use platform/sobject-reads. For create/update/delete demos, use a write-capable server such as platform/sobject-all only in a safe org.

Scratch org note: Salesforce documents that External Client Apps cannot be created directly in scratch orgs through the Setup UI. Create the app in a developer hub org, add it to a package, and install that package in the target scratch org.

Step 1: Activate MCP Servers

Salesforce Setup

MCP servers are disabled by default. An administrator must explicitly activate the required servers before ChatGPT or any other MCP client can connect.

  1. In Setup, enter MCP Servers in Quick Find, then select MCP Servers under API Catalog.
  2. Review the available servers and choose the server that matches your pilot use case.
  3. Toggle on only the servers your team needs.
  4. Wait up to two minutes for activation to propagate before testing the connection.

For a custom MCP server, the Details tab shows the API name, description, server URL, status, tool count, and prompt count. Copy the server URL because you will paste it into ChatGPT later.

Salesforce Setup showing an active custom MCP server named ShivamTestMCP with server URL and creation details
Custom MCP Server Details: the Details panel shows the API name, description, active status, server URL, and creation metadata. The Authentication Details section contains the URL used by ChatGPT.
Server URL pattern: production URLs use https://api.salesforce.com/platform/mcp/v1/<SERVER-NAME>. Sandbox and scratch org URLs include /sandbox/, for example https://api.salesforce.com/platform/mcp/v1/sandbox/platform/sobject-all. A custom server can appear as custom/ShivamTestMCP.

Step 2: Create an External Client App

Salesforce Setup

Salesforce requires an External Client App for Hosted MCP client authentication. The External Client App registers ChatGPT as an OAuth client and issues tokens that ChatGPT uses to call MCP tools on behalf of the authenticated Salesforce user.

  1. In Setup, enter external client in Quick Find, then select External Client App Manager.
  2. Click New External Client App.
  3. Fill in Basic Information, including app name and contact email.
  4. Expand API (Enable OAuth Settings) and select Enable OAuth.
  5. Paste the ChatGPT callback URL. You will copy this from ChatGPT Advanced settings while creating the app in Step 3. It looks like https://chatgpt.com/connector/oauth/<token>.
  6. In OAuth Scopes, include mcp_api and refresh_token.
  7. Under Security, select Issue JSON Web Token (JWT)-based access tokens for named users.
  8. Select Require Proof Key for Code Exchange (PKCE) extension for Supported Authorization Flows.
  9. Deselect the other Security options, including client credentials flow and secret requirements for web server or refresh token flows.
  10. Click Create, then open Settings and copy the consumer key from Consumer Key and Secret.
Salesforce External Client App Manager settings showing OAuth scopes and PKCE security settings for a ChatGPT MCP connector
External Client App OAuth Settings: include the Salesforce hosted MCP scope and offline access scope, then enable JWT-based tokens and PKCE. The Callback URL in this example came from ChatGPT Advanced settings.
Propagation delay: Salesforce notes that an External Client App can take up to 30 minutes to become available worldwide. If authentication fails immediately after creation, wait and retry before changing a correct configuration.
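
What the PKCE requirement from item 8 enforces, shown from both sides of the exchange. This is an added example, not code from Salesforce or ChatGPT; it follows the S256 method of RFC 7636, and the function names are chosen here for illustration.

```python
import base64
import hashlib
import hmac
import secrets

def b64url(data):
    """Base64url without padding, the encoding RFC 7636 specifies."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def new_pkce_pair():
    """Client side: a fresh random verifier and its S256 challenge."""
    verifier = b64url(secrets.token_bytes(32))  # 43 characters
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge

def authorization_params(client_id, redirect_uri, challenge):
    """Parameters the client adds to the authorization request."""
    return {
        "response_type": "code",
        "client_id": client_id,            # consumer key from the External Client App
        "redirect_uri": redirect_uri,      # the ChatGPT callback URL
        "scope": "mcp_api refresh_token",  # scopes selected in item 6
        "code_challenge": challenge,       # only the hash leaves the client here
        "code_challenge_method": "S256",
    }

def server_accepts(stored_challenge, presented_verifier):
    """Authorization server side: recompute the challenge at token exchange."""
    if not presented_verifier.isascii() or not 43 <= len(presented_verifier) <= 128:
        return False
    digest = hashlib.sha256(presented_verifier.encode("ascii")).digest()
    return hmac.compare_digest(b64url(digest).encode(), stored_challenge.encode())
```

An authorization code captured in transit cannot be redeemed on its own, because the token request must also carry the verifier that only the original client holds.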

Step 3: Configure ChatGPT

ChatGPT Settings

ChatGPT supports Salesforce Hosted MCP Servers through developer mode apps/connectors. Create a new app and point it at the Salesforce MCP server URL.

  1. In ChatGPT, go to Settings > Apps > Create App.
  2. Enter a connector name, for example ShivamSalesforceTest.
  3. Enter an optional description, such as Demo App.
  4. In MCP Server URL, paste the Salesforce Hosted MCP Server URL from Step 1.
  5. Under Authentication, select OAuth.
  6. Open Advanced settings.
  7. Set Registration Method to User-defined OAuth client.
  8. Paste the Salesforce External Client App consumer key into OAuth Client ID.
  9. Copy the generated ChatGPT Callback URL and add it to the Salesforce External Client App if you have not already done so.
  10. Click Create.
ChatGPT New App dialog showing Salesforce MCP Server URL, OAuth authentication, OAuth client ID, and callback URL settings
ChatGPT New App configuration: the MCP Server URL points to Salesforce, authentication is set to OAuth, and the callback URL shown in Advanced settings is the value to paste into the Salesforce External Client App.
CIMD warning: if ChatGPT shows an orange warning that CIMD is unavailable because the server did not advertise CIMD support, it does not block the Salesforce Hosted MCP connection shown here.
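
A pre-flight check of the settings chosen in Steps 1 to 3 against the values this guide recommends. This is an added example, not part of the original walkthrough or any Salesforce tooling; the dictionary keys are hypothetical, the sample values are constructed, and treating a production URL as unsuitable for a write-capable server is this example's reading of "only in a safe org".

```python
from urllib.parse import urlsplit

MCP_PREFIX = "/platform/mcp/v1/"
EXPECTED_SCOPES = {"mcp_api", "refresh_token"}
WRITE_CAPABLE = {"platform/sobject-all"}  # write-capable server named in this guide
CALLBACK_PREFIX = "https://chatgpt.com/connector/oauth/"

def parse_server_url(url):
    """Return (environment, server_name), or None if the URL is off-pattern."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "api.salesforce.com":
        return None  # also rejects look-alike hosts
    if not parts.path.startswith(MCP_PREFIX):
        return None
    env, rest = "production", parts.path[len(MCP_PREFIX):]
    if rest.startswith("sandbox/"):
        env, rest = "sandbox", rest[len("sandbox/"):]
    name = rest.strip("/")
    return (env, name) if name else None

def audit(cfg):
    """Compare one connector's settings (hypothetical dict keys) with the guide."""
    findings = []
    parsed = parse_server_url(cfg["server_url"])
    if parsed is None:
        findings.append("server_url is not a Hosted MCP server URL")
    elif parsed[0] == "production" and parsed[1] in WRITE_CAPABLE:
        findings.append("write-capable server on a production URL")
    scopes = set(cfg["scopes"].split())
    if scopes - EXPECTED_SCOPES:
        findings.append("extra scopes: " + " ".join(sorted(scopes - EXPECTED_SCOPES)))
    if EXPECTED_SCOPES - scopes:
        findings.append("missing scopes: " + " ".join(sorted(EXPECTED_SCOPES - scopes)))
    if not cfg["pkce_required"]:
        findings.append("PKCE is not required")
    if not cfg["jwt_access_tokens"]:
        findings.append("JWT-based access tokens are not enabled")
    if cfg["client_credentials_flow"]:
        findings.append("client credentials flow is enabled")
    if not cfg["callback_url"].startswith(CALLBACK_PREFIX):
        findings.append("callback_url is not a ChatGPT connector callback")
    return findings

# Constructed sample: a read-only sandbox pilot configured as in Steps 1 to 3.
PILOT = {"server_url": "https://api.salesforce.com/platform/mcp/v1/sandbox/platform/sobject-reads",
         "scopes": "mcp_api refresh_token", "pkce_required": True,
         "jwt_access_tokens": True, "client_credentials_flow": False,
         "callback_url": "https://chatgpt.com/connector/oauth/EXAMPLE-TOKEN"}
```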

Step 4: Authorize and Connect

OAuth Flow

After the connector is created, authorize it through the Salesforce OAuth flow. This creates the per-user token ChatGPT uses when calling Salesforce MCP tools.

  1. In ChatGPT, locate the connector you created and click Connect.
  2. Review the ChatGPT permission summary.
  3. Confirm that permissions remain governed by Salesforce and that access can be revoked.
  4. Click Continue to ShivamSalesforceTest.
  5. Log in to Salesforce and approve the OAuth request.
ChatGPT OAuth consent screen for a Salesforce connector with permission notices and Continue button
ChatGPT OAuth consent screen: ChatGPT explains permission behavior before redirecting to Salesforce. After the Salesforce OAuth approval, the connector becomes active.

Once OAuth completes, the Salesforce connector appears in the ChatGPT prompt area. Select it from the plus button when you want ChatGPT to use Salesforce tools.

Step 5: Test the Connection

Live Demo

With the connector active, send focused natural-language prompts and confirm the tool behavior. ChatGPT shows a confirmation card before executing Salesforce tool calls, which gives you visibility into what will be read or changed.

Query a specific account record

Start with a narrow read-only prompt such as provide the account details for Shivam Gupta Pvt Ltd. ChatGPT identifies the right Salesforce MCP tool, asks for confirmation, and retrieves live record data.

ChatGPT showing a Salesforce MCP tool confirmation card before querying an account record
Tool confirmation: ChatGPT shows the data it plans to share with the Salesforce connector before running the query. This is the point where the user can approve or stop the tool call.
ChatGPT displaying structured Salesforce account data for Shivam Gupta Pvt Ltd including Account ID, Website, Phone, and Business Details
Account record response: after approval, ChatGPT returns structured Salesforce data including Account ID, Name, Phone, Website, and business details.

List accounts in a table

You can ask ChatGPT to retrieve multiple records and format the result. Specify the exact fields you want to keep the output useful and minimize unnecessary data exposure.

ChatGPT displaying a table of Salesforce Accounts with Name, Type, Industry, Phone, and Website columns
Account list as a table: ChatGPT called the Salesforce MCP tool and rendered only the requested fields: Name, Type, Industry, Phone, and Website.

Create a new Salesforce record

If your MCP server includes write tools, such as platform/sobject-all, ChatGPT can also create records. Keep this in a sandbox or tightly governed pilot until the process is proven.

ChatGPT confirming that a new Salesforce Account named Persistent Systems Ltd was created successfully with an Account ID
Record creation confirmation: Salesforce created the new Account record and returned the new Account ID. Salesforce validations, required fields, object permissions, field-level security, and sharing behavior still apply.
Write actions require caution: create, update, and delete operations should stay behind explicit user review during early rollout. Automate write behavior only after you have monitoring, ownership, and rollback patterns in place.

Step 6: Use Prompt Templates

Optional - Prompt Builder

Hosted MCP Servers can expose Prompt Builder templates as MCP prompts. This lets ChatGPT use curated Salesforce prompt templates as structured starting points, with CRM data merged by Salesforce before the model responds.

Common prompt template examples include account review briefings and revenue reconciliation analysis.

Template | API Name | What it does
Create Executive Briefing for Account Review Meeting | einstein_gpt__accountReviewBriefing | Generates an executive briefing for an account review meeting by summarizing recent opportunities, cases, and public information about the account.
Revenue Reconciliation Analysis | einstein_gpt__revenueReconciliationAnalysis | Finds discrepancies between financial accounting records and closed deals in Salesforce.

  1. Enable Prompt Builder in Salesforce Setup if it is not already enabled.
  2. In ChatGPT, click the + button in the prompt area and select the Salesforce connector.
  3. Select the Salesforce prompt template you want to use.
  4. Enter the required input, such as an account name.
  5. Add the prompt, review it, and send it.
Prompt templates bring CRM context: a Prompt Builder template can merge live Salesforce data, related records, flows, or Apex-backed context before ChatGPT generates the final answer.

Best practices

  • Start read-only: use platform/sobject-reads or a narrow custom server for the first pilot.
  • Use minimum OAuth scopes: include only mcp_api and refresh_token unless a documented use case requires more.
  • Activate only what you need: enable only the servers required by the active use case.
  • Respect Salesforce permissions: MCP enforcement depends on the connected user's Salesforce permissions, sharing model, and field-level security.
  • Prefer custom servers for production: persona-specific tool sets are safer and easier for AI clients to choose from than broad generic tool access.
  • Monitor tool usage: track which tools are called, how often, and by which users.
  • Keep write actions reviewed: create, update, delete, approval, and send-message actions should require explicit review during rollout.
  • Test with Postman first: raw JSON tool responses are easier to debug than an LLM-mediated conversation.
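
One way to act on the "Monitor tool usage" and "Test with Postman first" items: read the raw tools/list JSON to learn which tools are marked read-only, then tally calls per user and tool. This is an added example, not from the original guide; the response shape and the readOnlyHint annotation follow the MCP specification, while the tool names, the call-log format, and the assumption that the server sets the annotation are constructed for illustration.

```python
import json
from collections import Counter

# Constructed tools/list response; tool names are placeholders, not Salesforce's.
TOOLS_LIST = json.dumps({"jsonrpc": "2.0", "id": 1, "result": {"tools": [
    {"name": "example_query", "annotations": {"readOnlyHint": True}},
    {"name": "example_create", "annotations": {"readOnlyHint": False}},
    {"name": "example_delete"},  # no annotations at all
]}})

# Constructed call records in a hypothetical JSON-lines export (user, tool).
CALL_LOG = """\
{"user": "alice@example.com", "tool": "example_query"}
{"user": "alice@example.com", "tool": "example_query"}
{"user": "bob@example.com", "tool": "example_create"}
{"user": "bob@example.com", "tool": "example_delete"}
not-json line from a truncated export
"""

def read_only_tools(raw):
    """Names of tools explicitly marked read-only; unmarked tools are left out."""
    msg = json.loads(raw)
    if "error" in msg:
        raise ValueError("MCP error: %s" % msg["error"])
    return {t["name"] for t in msg["result"]["tools"]
            if (t.get("annotations") or {}).get("readOnlyHint") is True}

def summarize(log, read_only):
    """Count calls per (user, tool); list pairs that used a tool not known read-only."""
    counts, review, skipped = Counter(), [], 0
    for line in log.splitlines():
        try:
            rec = json.loads(line)
            key = (rec["user"], rec["tool"])
        except (ValueError, KeyError, TypeError):
            skipped += 1  # keep a count so a damaged export is visible
            continue
        counts[key] += 1
        if rec["tool"] not in read_only and key not in review:
            review.append(key)
    return counts, review, skipped
```

A tool with no annotation is treated as write-capable, so a server that omits the hint produces review entries rather than silence.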
