Fourth

Fourth AI Enablement · 2026

Custom Salesforce MCP
Kick-Off

Connecting AI to our CRM — what we're building, what we need, and how you'll use it

Dave Hayes, AI Enablement Lead • March 2026

The Vision

AI that speaks Salesforce — natively

We're building a custom MCP server that gives Claude, Copilot, and Teams direct, secure, real-time access to our Salesforce data. No copy-paste. No tab-switching. Ask the question, get the answer.

AI Clients

Claude · Cowork
Copilot · Teams

MCP

MCP Server

Azure Infrastructure
Secured · Scalable

REST API

Salesforce

Accounts · Contacts
Opps · Cases

What This Enables

From 10 clicks to one conversation

Sales

"What's closing this month and which deals need attention?"

CS

"Show me all open P1 cases for Marriott, ranked by age."

Marketing

"Which accounts haven't had outreach in 60 days?"

Ops

"Build me a pipeline report by region for Q2 forecast."

Finance

"What's total committed ARR for H1 across all regions?"

One server, every client. Claude, Copilot, and Teams connect identically — using your existing Microsoft identity. Same tool, every platform.


Part 1 of 2

What I Need
from IT

IT · Admin · BizApps

IT / Admin / BizApps  ·  1 of 2

Salesforce: Connected App & Object Access

 1 · Connected App
Create a Connected App in Salesforce Setup → App Manager
 What is a Connected App?
A Connected App is how we register the MCP server as an authorised caller of the Salesforce API — like giving it an official ID badge.

Without this, our server has no way to authenticate with Salesforce. Once created, it produces two values:
  • Consumer Key — the server's "username" with Salesforce
  • Consumer Secret — the server's "password" (stored in Azure Key Vault — never in code)
Enable OAuth scopes: api, refresh_token, openid
 Why these three scopes?
api — allows read and write access to Salesforce data via REST API.

refresh_token — keeps the connection alive without re-authenticating. API tokens expire every 15 minutes; this lets the server silently renew them automatically.

openid — confirms the identity of the service account. Required for JWT-based machine-to-machine auth so no human login is needed.
Share Consumer Key + Secret securely — directly into Azure Key Vault, not email
 How do we keep credentials secure?
Credentials go directly into Azure Key Vault, a managed secrets service. Only the MCP server can retrieve them at runtime — no developer holds the secret in plain text, and rotation is straightforward if credentials are ever compromised.
 2 · Objects & Field Access
Confirm standard objects in scope: Accounts, Contacts, Opportunities, Cases
 What does 'in scope' mean?
We need to agree which Salesforce objects and fields the AI is allowed to see before we write a line of code. Every object added increases capability but also expands the permission surface.

Starting recommendation: read access on Accounts, Contacts, Opportunities, Cases. Write access only on Opportunities (stage/date) and Cases (status/notes). We expand from here based on department feedback.
List custom objects or fields departments need AI to access
 Why custom objects matter
Salesforce standard objects are consistent across orgs. But Fourth has likely added custom objects specific to our business — renewal dates, product lines, region data, contract terms, etc.

We can't build what we don't know about. If a department's key workflow uses a custom object, they need to flag it in their follow-up call.
Confirm field-level security for the integration user — which fields are actually visible
 Field-level security explained
Even if a user can see an object (e.g. Accounts), Salesforce can hide specific fields based on profile — e.g. hiding Annual Revenue from junior reps.

The integration user has its own security profile. We need to verify that the fields departments want AI to answer questions about are actually visible to that profile. Otherwise AI answers will be missing data.
Confirm Salesforce instance URL (e.g. fourthco.my.salesforce.com) — needed before code is written
 Why do we need this upfront?
This is the base URL the server uses for every API call. It's visible on your Salesforce login page and in Setup → Company Information. Simple to find, but needed before development starts.

IT / Admin / BizApps  ·  2 of 2

Salesforce: Integration User & API Security

 3 · Integration User & Permissions
Create a dedicated service account (e.g. ai-mcp@fourth.com)
 What is the integration user?
A dedicated Salesforce service account used only for system-level and admin operations — not for user-facing queries.

User-facing queries use the individual's own Salesforce identity via OAuth On-Behalf-Of (OBO). The service account is only used for:
  • Admin tools needing org-wide context (e.g. org-level reporting)
  • Background/scheduled jobs that run without a user present
  • Provisioning and health checks
For every query a Fourth staff member makes through AI, Salesforce sees them as the caller — not this service account.
  Two Locks — Per-User Permissions from Day 1
Lock 1 — Azure Entra ID

Controls who can connect to the MCP server. Only authenticated Fourth staff in Entra can talk to the tool. This is the identity boundary.

Lock 2 — Your Salesforce Profile

The MCP server calls Salesforce as you — via OAuth On-Behalf-Of (OBO). Your own profile, field-level security, and record sharing rules apply. If you can't see a field in Salesforce directly, you can't see it through AI either.

 This is the Day 1 architecture — no shared service account for user queries. Every request is authenticated to the individual making it.

Assign permission sets for objects in scope — conservative start, expand with dept feedback
 What permissions should the integration user have?
Start with minimum necessary:
  • Read: Accounts, Contacts, Opportunities, Cases, Activities
  • Edit: Opportunities (stage, close date), Cases (status, notes)
  • No admin access, no billing, no HR, no setup access
We add permission sets incrementally. Expanding is easy. Over-permissioning is a risk to avoid upfront.
MFA exemption for the service account (certificate-based auth — no human login required)
 Why MFA exemption?
The integration user authenticates automatically via a signed certificate (JWT Bearer Flow) — there's no human to click a push notification.

Salesforce supports a Connected App policy exemption for service accounts using certificate-based auth. This is the standard approach for all Salesforce API integrations.
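The JWT Bearer Flow described above, as an added example that is not the project's code (the deck names no server language, so this uses Go with only the standard library): BuildAssertion produces the signed assertion the server posts to the Salesforce token endpoint with the jwt-bearer grant type, and VerifyAssertion mirrors the two checks that endpoint applies, so the failure modes (wrong key, expired assertion, malformed token) can be exercised locally. The consumer key, username and login URL are placeholders supplied by the caller.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)

// Claims are the JWT Bearer assertion claims the Salesforce token endpoint checks.
type Claims struct {
	Iss string `json:"iss"` // Connected App Consumer Key
	Sub string `json:"sub"` // integration user's Salesforce username, e.g. ai-mcp@fourth.com
	Aud string `json:"aud"` // https://login.salesforce.com (test.salesforce.com for sandboxes)
	Exp int64  `json:"exp"` // Unix seconds; Salesforce rejects assertions more than 3 minutes out
}

func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// BuildAssertion signs header.claims (RS256) with the private key whose certificate is on the Connected App.
func BuildAssertion(key *rsa.PrivateKey, consumerKey, username, loginURL string, now time.Time) (string, error) {
	claims, _ := json.Marshal(Claims{Iss: consumerKey, Sub: username, Aud: loginURL, Exp: now.Add(3 * time.Minute).Unix()})
	signingInput := b64url([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64url(claims)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return signingInput + "." + b64url(sig), err // token is only usable when err == nil
}

// VerifyAssertion mirrors what the token endpoint does: signature first, then expiry.
func VerifyAssertion(pub *rsa.PublicKey, token string, now time.Time) (c Claims, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed assertion")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	h := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) != nil {
		return c, rsa.ErrVerification // never act on claims that are not signed by the expected key
	}
	payload, _ := base64.RawURLEncoding.DecodeString(parts[1]) // already covered by the verified signature
	if err = json.Unmarshal(payload, &c); err == nil && now.Unix() >= c.Exp {
		err = errors.New("assertion expired")
	}
	return c, err
}
```

In production the private key is loaded from Azure Key Vault at startup and the assertion is exchanged for an access token on every renewal, so the 3-minute window is all the lifetime it ever needs.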
 4 · API & Security
Current API call limits and headroom — MCP will add AI-driven queries on top of existing usage
 Will MCP use a lot of API calls?
Salesforce has daily API call limits. Each AI query typically triggers 1–5 API calls depending on complexity.

With moderate usage (50 users, ~10 queries/day) that's ~500–2,500 calls/day. Most Enterprise orgs have 100k–1M calls/day available, so headroom is usually fine — but we need to confirm before go-live.
IP allowlisting — we provide Azure Container App egress IPs once deployed
 Why IP allowlisting?
Some Salesforce orgs restrict which IP addresses can make API calls. We'll need to add the Azure Container App's outbound IP range to Salesforce's trusted IPs — or disable the restriction on the integration user's profile. We'll supply the exact IPs once Azure is provisioned.
Confirm API version in use (default is fine — just flag if org is on a specific version)
 Does the API version matter?
Salesforce REST API is versioned (e.g. v59.0). We default to the current stable version, but if your org has restrictions or customisations tied to a specific version, we need to know. This is a minor point but worth confirming early.

  Target for IT: Connected App + integration user provisioned within Week 1–2. This unblocks all server development. Everything else (Entra, Key Vault, IP allowlisting) can follow in parallel.

IT / Admin / BizApps

Azure & Identity Requirements

Entra ID App Registration

Create (or permission Dave to create) an App Registration in Azure Entra ID
Expose API scope: api://salesforce-mcp/access
Pre-authorise Claude.ai and Copilot client app IDs
Provide Tenant ID and confirm M365 admin approval path for Copilot Studio

Azure Infrastructure

Confirm Azure subscription and resource group for MCP workloads
Provision or confirm access to Azure Container Apps environment
Azure Key Vault — for SF private key and client credentials (no hardcoded secrets anywhere)
Confirm Copilot Studio access — this requires M365 admin and is the longest lead item

  Copilot Studio heads-up: Registering the MCP server with Copilot/Teams requires M365 tenant admin approval. Flag this early — it's typically the longest item in the queue. Claude and Cowork can go live independently while we wait.


Part 2 of 2

What I Need
from You

Sales · Customer Success · Marketing · Operations · Finance

Department Teams

Five questions for every team

Your answers define what we build. The more specific, the better the tool.

01

Where do you waste the most time in Salesforce today?

Searching for data, running reports, copy-pasting into emails, updating fields — what's the grind?

02

What questions do you ask Salesforce every week?

Pipeline status, account health, case counts, activity logs, campaign engagement — what are you always looking up?

03

What Salesforce data lives in emails and spreadsheets instead?

If you're pulling CRM data into Excel or Slides manually, that's an MCP workflow waiting to happen.

04

What records do you update most often?

Stage changes, case notes, contact updates, campaign statuses — what would you update by voice if you could?

05

What custom objects or fields matter most to your team?

Standard objects are a given. What's Fourth-specific — renewal dates, segment fields, contract terms — that must be included?

What's Possible

Example workflows by department

Team      | Example Prompt                                    | What the MCP Does
Sales     | "What's our pipeline for Q2 in EMEA?"             | Queries opps by region, summarises by stage, flags at-risk deals
CS        | "Show open P1 cases older than 3 days"            | Filters cases by priority and age, surfaces contact + account context
Marketing | "Which accounts haven't had outreach in 60 days?" | Queries LastActivityDate, filters by owner, returns prioritised list
Ops       | "List accounts with no activity in 30 days"       | SOQL on LastActivityDate, returns account list with owners for follow-up
Finance   | "What's committed ARR for H1?"                    | Aggregates closed-won opps by close date, formats for reporting
All Teams | "Update deal X to Negotiation stage"              | Confirms intent → updates Salesforce record → confirms back to user
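An added example, not the deck's or the project's code, that serves two points on this page: the agreed object and field scope from section 2 enforced as an allow-list at the tool layer, and the "no activity in N days" SOQL behind the Marketing and Ops rows above, with prompt-supplied values kept inside escaped literals so they cannot rewrite the query. The field lists in readScope are assumed, and Go is used because the deck names no server language.

```go
package main

import (
	"fmt"
	"strings"
)

var readScope = map[string]map[string]bool{ // agreed Day 1 read scope: object -> fields (field lists assumed)
	"Account": {"Id": true, "Name": true, "OwnerId": true, "LastActivityDate": true},
	"Case":    {"Id": true, "Subject": true, "Priority": true, "Status": true, "CreatedDate": true},
}

type Filter struct{ Field, Value string } // one "Field = 'Value'" condition; Value comes from the prompt, never trusted

// escapeSOQL neutralises quotes and backslashes so a value cannot break out of a SOQL string literal.
func escapeSOQL(s string) string {
	return strings.NewReplacer(`\`, `\\`, `'`, `\'`, "\n", `\n`, "\r", `\r`).Replace(s)
}

// BuildQuery assembles a read-only SOQL query: field names are checked against the allow-list, values only
// ever appear inside escaped literals, and staleDays > 0 adds the "no activity in N days" condition.
func BuildQuery(object string, fields []string, filters []Filter, staleDays int) (string, error) {
	allowed, ok := readScope[object]
	if !ok || len(fields) == 0 {
		return "", fmt.Errorf("object %q is not in the agreed scope, or no fields requested", object)
	}
	for _, f := range fields {
		if !allowed[f] {
			return "", fmt.Errorf("field %s.%s is not in the agreed scope", object, f)
		}
	}
	var where []string
	for _, f := range filters {
		if !allowed[f.Field] {
			return "", fmt.Errorf("filter field %s.%s is not in the agreed scope", object, f.Field)
		}
		where = append(where, fmt.Sprintf("%s = '%s'", f.Field, escapeSOQL(f.Value)))
	}
	if staleDays > 0 {
		if !allowed["LastActivityDate"] {
			return "", fmt.Errorf("LastActivityDate is not in scope for %s", object)
		}
		// records that never had any activity count as stale too
		where = append(where, fmt.Sprintf("(LastActivityDate = null OR LastActivityDate < LAST_N_DAYS:%d)", staleDays))
	}
	q := fmt.Sprintf("SELECT %s FROM %s", strings.Join(fields, ", "), object)
	if len(where) > 0 {
		q += " WHERE " + strings.Join(where, " AND ")
	}
	return q, nil
}
```

Because the integration calls Salesforce as the individual user, field-level security still applies on top of this allow-list; the allow-list is the application's own scope boundary, not a replacement for the Salesforce profile.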

Skills & Plugins

Department tools built on top of the MCP

The MCP provides raw capability. Skills and plugins wrap it in department-specific intelligence — so Claude knows how to answer Sales differently from CS or Marketing.

MCP Server

Raw tools: query, create, update, search. Shared infrastructure for all teams.

Dept Skills

Routing logic + workflow patterns per team. Sales, CS, Marketing, Ops, Finance each get their own.

Plugin Bundle

MCP + Skills packaged as a Cowork plugin. One install, full capability for your team.

Department teams define the Skill. The more specific your workflows and pain points today, the more precisely Claude behaves for your team. This is what the follow-up calls are for.

Next Steps

What happens after this meeting

IT / BizApps

1

Connected App created

Consumer Key + Secret shared securely via Key Vault

2

Integration user provisioned

Service account + initial minimum permission sets ready

3

Entra ID App Registration

Azure resource group confirmed; App Registration created; Tenant ID shared

4

Copilot Studio access confirmed

M365 admin path agreed — longest lead item, start now

Dept Teams

1

Answer the 5 questions

Submit workflows, pain points, and example prompts to Dave

2

Name your pilot users

2–3 people per dept for early testing in Weeks 7–8

3

30-min follow-up call

Dave schedules individually with each team to design their Skill

Fourth

One integration.
Every team. Every AI.

Questions? Let's dig in.

David Hayes • david.hayes@fourth.com • Powered by iQ
