Skip to main content
Runlayer Deploy Required: This server requires Runlayer Deploy to be enabled.
Connect your AI assistant to Salesforce for CRM data queries, record management, and schema exploration. Uses Salesforce OAuth for authentication.

Available Tools

ToolDescription
queryExecute SOQL queries against Salesforce
searchSearch across objects using SOSL
list_objectsList all available sObjects in the org
describe_objectGet field details, relationships, and metadata for an sObject
get_recordRetrieve a single record by ID with optional field selection
create_recordCreate a new record on any sObject
update_recordUpdate fields on an existing record
delete_recordDelete a record (moves to Recycle Bin)
get_limitsView org governor limits and usage

Setup

1

Create a Connected App in Salesforce

  1. In Salesforce Setup, go to App Manager (or External Client App Manager)
  2. Click New Connected App (or New External Client App)
  3. Fill in:
    • Connected App Name: Runlayer MCP
    • Contact Email: your email
  4. Under OAuth Settings:
    • Enable OAuth Settings: checked
    • Callback URL: https://<your-tenant>.runlayer.com/oauth/callback
    • Selected OAuth Scopes: Full access (full) and Perform requests at any time (refresh_token, offline_access)
  5. Click Save
It may take up to 10 minutes for the Connected App to propagate in Salesforce.
2

Get Credentials

  1. After saving, go to the Connected App’s detail page
  2. Copy the Consumer Key (Client ID) and Consumer Secret (Client Secret)
3

Add Server in Runlayer

  1. In Runlayer, go to Catalog > Salesforce > Install MCP
  2. Check Custom OAuth credentials
  3. Enter your Client ID and Client Secret
  4. If connecting to a sandbox org, set Login URL to https://test.salesforce.com
  5. Click Deploy Server
4

Authorize

  1. Click Connect on the server page
  2. Log in with your Salesforce credentials and click Allow
Each user authorizes with their own Salesforce credentials. Queries and operations run with that user’s permissions and field-level security.

Configuration Reference

Required:
VariableDescription
SALESFORCE_OAUTH_CLIENT_IDConsumer Key from Connected App
SALESFORCE_OAUTH_CLIENT_SECRETConsumer Secret from Connected App
Optional:
VariableDescription
SALESFORCE_LOGIN_URLLogin endpoint (defaults to https://login.salesforce.com, use https://test.salesforce.com for sandboxes)

Troubleshooting

Verify the callback URL in your Connected App matches exactly: https://<your-tenant>.runlayer.com/oauth/callback (no trailing slash for Salesforce).
The Connected App must be created in the same org you are authenticating against. External Client Apps do not support cross-org OAuth flows.
Salesforce Connected Apps can take up to 10 minutes to propagate. Wait and retry the authorization.
Your Salesforce access token has expired (tokens last ~2 hours). Reconnect in Runlayer to get a fresh token. If you have refresh_token scope enabled, this should happen automatically.