Egnyte offers its users the ability to connect to external AI connectors in order to bridge the gap between Egnyte and widely used productivity tools.
This guide walks Egnyte admins through connecting Salesforce as an AI Connector using the Model Context Protocol (MCP). Once configured, users can query, read, create, and update Salesforce records directly from Egnyte's AI Assistant.
Skip Ahead To...
Prerequisites
Create the External Client App in Salesforce
Activate the MCP Server in Salesforce
Create the Salesforce Connector in Egnyte
Configure Tool Permissions
Troubleshooting
Prerequisites
- A Salesforce org with System Administrator access (required to create External Client Apps and activate MCP Servers).
- Egnyte admin privileges (Power User role or higher).
- Access to the Salesforce Setup interface and permission to receive verification emails on the administrator's email address.
- Salesforce's MCP feature requires a dedicated External Client App and an activated MCP Server in your Salesforce org. The Salesforce connector is added as a custom connector in Egnyte until it becomes available as a pre-loaded connector in the Egnyte catalog.
- If Egnyte MCP is already available in the Installed Apps list, skip creating the external client app in Salesforce and proceed directly to publishing the Salesforce connector in Egnyte.
Create the External Client App in Salesforce
The first step is to create a new External Client App in Salesforce. This app generates the Consumer Key (Client ID) and Consumer Secret (Client Secret) that Egnyte will use to authenticate, and it holds the OAuth scopes that authorize access to the Salesforce-hosted MCP server.
- Log in to the Salesforce org, click on the gear icon -> Setup
- Search for External Client App Manager in the side panel on the left.
- Click on New External Client App.
- Fill the basic information:
- External Client App Name: Egnyte MCP (or any other name of choice). API name will be auto-populated based on the external client app name entered
- Contact Email: The Salesforce administrator's email address
-
Distribution State: Local (unless the org requires another value)
- Expand API (Enable OAuth Settings) and click the checkbox for Enable OAuth.
- Configure the OAuth settings:
- Callback URL: Enter a temporary placeholder. This will be replaced with the real Egnyte redirect URL while publishing the connector
-
OAuth Scopes: Select the following scopes:
- Perform requests at any time (refresh_token, offline_access)
- Access Salesforce hosted MCP servers (mcp_api)
-
Security: Check Require Proof Key for Code Exchange (PKCE) and Issue JSON Web Token (JWT)-based access tokens for named users
- Click on Create to save the External Client App.
- The app will be created. Navigate to Settings and click on Consumer Key and Secret under OAuth Settings.
- The verification code will be sent to the email address. Enter the code and click on Verify. Copy the Consumer Key (Client ID) and Consumer Secret (Client Secret) and store them securely.
Activate the MCP Server in Salesforce
Salesforce exposes multiple MCP servers, each scoped to a different set of objects and operations. Admins must activate the server they want to connect to in order to generate its public URL.
- In Salesforce Setup, use the Quick Find box to search for MCP Servers and open the page.
- Click on the server to open the details.
- Click on Activate
- Once the server is activated, copy the server details
The exact URL may differ by region or org. Always copy the URL shown on the MCP Server’s page rather than typing it manually. If the Admin activates a different server, the URL path will reflect that server's name.
Create the Salesforce Connector in Egnyte
If Egnyte MCP is already available in the Installed Apps list, skip creating the external client app in Salesforce and proceed directly to publishing the Salesforce connector in Egnyte.
For Salesforce AI Connector, select the authentication type as OAuth Client ID. The Client ID and Client Secret generated earlier will be used. Click on Generate Redirect URL and copy the Redirect URL.
Return to Salesforce. Open External Client App Manager, open the app created earlier. Navigate to Settings > OAuth Settings, click Edit, and replace the Callback URL with the Egnyte redirect URL. Click Save.
Salesforce requires approximately 6-7 minutes for Redirect URL changes to propagate after they are saved on the External Client App. If the admins run Test configuration in Egnyte immediately after updating the Redirect URL in Salesforce, authentication will fail with a redirect_uri_mismatch error.
Navigate back to Egnyte and click on Test Configuration. Complete the Salesforce OAuth authorization. Admins will be redirected to Salesforce to log in and verify their identity. Approve the access request.
Configure Tool Permissions
The exact tools shown depend on the Salesforce MCP server activated earlier. Activating the subject-all server exposes a broad set of tools covering standard Salesforce record operations, including:
- Query Salesforce objects (accounts, contacts, opportunities, leads, cases, and other standard and custom objects)
- Read individual records by ID
- Create new records
- Update existing records
Other Salesforce MCP servers expose narrower toolsets scoped to specific objects. Review the tool list shown in Egnyte and confirm it matches the expectations from the activated server.
Admins can set permissions for each tool by selecting either Allow unsupervised or Always ask permission.
The subject-all server exposes write tools (create and update record operations). It is strongly recommended to set write tools to Always ask permission so users can confirm before the AI modifies Salesforce data. Read-only tools (query and read operations) are safe to set to Allow unsupervised.
Refer the steps to publish the connector, editing the connector, along with the other Admin actions.
Troubleshooting
Redirect_uri_mismatch Error During Test Configuration
Salesforce takes approximately 6-7 minutes to propagate Callback URL changes on an External Client App. Wait at least 7 minutes after saving the updated Callback URL in Salesforce before clicking Test configuration in Egnyte. If the error persists past 10 minutes, verify the Callback URL in Salesforce matches the Egnyte-generated redirect URL exactly, including the trailing path and no extra spaces.
Cannot Find the MCP Servers Page in Salesforce
MCP Servers is a Salesforce platform feature that may not be available in every Salesforce edition. Confirm that the edition supports Salesforce-hosted MCP servers and that the feature is enabled for the org. Contact Salesforce support if the page is missing.
Insufficient_scope Errors when Tools are Invoked
The External Client App may be missing the mcp_api scope or the refresh_token scope. Return to External Client App Manager, open the app, and verify both scopes as mentioned earlier are selected. After updating scopes, users may need to disconnect and reconnect the Salesforce connector for the new scopes to take effect.
Verification Code Email not Received
When viewing OAuth Settings on a newly created External Client App, Salesforce sends a verification code to the administrator's email. Check spam folders, confirm the Contact Email on the app is correct, and request the code again if needed.
Tools Return Empty Results or No Access Errors
Salesforce tools respect the connected user's object and field-level security. If the user cannot see an object or record in Salesforce directly, the AI Assistant cannot access it either. Confirm the user's profile and permission sets in Salesforce.