Salesforce External MCP Server
Enables Agentforce agents to retrieve order status and loyalty points from external systems via OAuth 2.0 secured MCP endpoints hosted on AWS.
Salesforce External MCP Server — AWS Hosted
A Python FastAPI MCP server deployed on AWS EC2 with nginx reverse proxy and Let's Encrypt SSL, registered as an External MCP Server inside Salesforce and called by an Agentforce Employee Agent ("A[...]
Business Problem
Enterprises need Agentforce to reach external systems that aren't natively connected to Salesforce — legacy CRMs, loyalty platforms, custom order systems. This proves the pattern end to end: host[...]
Architecture

How It Works
- Agentforce Employee Agent ("AWS") has the MCP tools registered as available actions
- User asks something like "What's the status of order 1001?"
- Agent matches intent to the get_order_status tool
- Salesforce authenticates via OAuth 2.0 Client Credentials against /token
- Authenticated call routes through Named Credential to /mcp
- nginx terminates SSL, reverse proxies to uvicorn on port 8000
- FastAPI server processes the MCP JSON-RPC call, returns structured data
- Agent composes a natural language reply
Tools Exposed
| Tool | Input | Output |
|---|---|---|
| get_order_status | order_id | status, carrier, eta |
| check_loyalty_points | customer_id | points, tier |
Salesforce Components
| Component | Type | Purpose |
|---|---|---|
| AWS | Agentforce Employee Agent | Calls the MCP tools as actions |
| NorthstarMCP | External Credential | OAuth 2.0 Client Credentials auth |
| NorthstarMCP | Named Credential | Secure endpoint URL |
| NorthstarMCP | External Service Registration | MCP tool registration |
| Agentforce Agent AWS Permissions | Permission Set | Grants agent access to MCP tools |
OAuth 2.0 Configuration
| Field | Value |
|---|---|
| Flow | Client Credentials with Client Secret |
| Identity Provider URL | https://northstar-mcp.mooo.com/token |
| Scope | mcp.read |
| Named Credential URL | https://northstar-mcp.mooo.com/mcp |
| Principal | MCPAuthentication |
Live Verification
```
curl https://northstar-mcp.mooo.com/
{"status":"ok","info":"Dummy MCP server. POST /token for OAuth, POST /mcp for MCP JSON-RPC."}
```
Verified live on AWS EC2 — uvicorn process confirmed running, nginx confirmed listening on 443 with valid Let's Encrypt certificate.
Problems Faced & How They Were Solved
| Problem | Root Cause | Fix |
|---|---|---|
| Salesforce couldn't reach localhost server | Not internet-accessible | Deployed to AWS EC2 with public domain |
| Salesforce rejecting HTTP connection | No SSL configured | nginx reverse proxy with Let's Encrypt via Certbot |
| Agent couldn't call the tools | Permission Set missing agent access | Created Agentforce Agent AWS Permissions with agentAccesses enabled |
Prerequisites
- Salesforce org with Agentforce + MCP Server registration enabled
- Domain with DNS pointed to your server
- AWS EC2 instance, nginx, Certbot
- Python 3.9+, FastAPI, uvicorn
Deployment
```bash
# Python server (on EC2)
pip3 install -r requirements.txt
python3 external_dummy_mcp_server.py

# SSL setup (one-time)
sudo certbot --nginx -d northstar-mcp.mooo.com

# Salesforce metadata
sf project deploy start --manifest package.xml
sf org assign permset --name Agentforce_Agent_AWS_Permissions
```
Admin Configuration
| Step | Action |
|---|---|
| 1 | External Credential → add Client Secret for MCPAuthentication principal |
| 2 | Verify Named Credential URL points to /mcp endpoint |
| 3 | Confirm both tools show Active under MCP Servers |
| 4 | Add MCP tools to Agent → Actions |
| 5 | Activate the Agent |
Demo
Salesforce MCP Server registration

Agent action configuration

Live agent response

Production Considerations
| Area | Current State | Production Fix |
|---|---|---|
| Data layer | In-memory Python dicts | Real database (RDS/PostgreSQL) |
| Credentials | Hardcoded in code | AWS Secrets Manager or env vars |
| Process management | Manual uvicorn process | systemd service for auto-restart |
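
The OAuth 2.0 Client Credentials check from How It Works, with the credentials read from the environment as the Credentials row above recommends. This is an added example, not code from the repository; the environment variable names, the HMAC-signed token format and the 300-second lifetime are assumptions.

```python
import base64, hashlib, hmac, json, os, time

REQUIRED_SCOPE = "mcp.read"  # scope from the OAuth 2.0 Configuration table
TOKEN_TTL = 300              # seconds; assumed token lifetime

def _env(name):
    """Read a secret from the environment (hypothetical names); fail closed if unset."""
    value = os.environ.get(name)
    if not value:
        raise RuntimeError(f"{name} is not set")
    return value.encode()

def _sign(body):
    return hmac.new(_env("MCP_SIGNING_KEY"), body, hashlib.sha256).digest()

def issue_token(client_id, client_secret, scope, now=None):
    """POST /token logic for the client_credentials grant; returns None on any mismatch."""
    ok_id = hmac.compare_digest(client_id.encode(), _env("MCP_CLIENT_ID"))
    ok_secret = hmac.compare_digest(client_secret.encode(), _env("MCP_CLIENT_SECRET"))
    if not (ok_id and ok_secret) or scope != REQUIRED_SCOPE:
        return None
    exp = int(now if now is not None else time.time()) + TOKEN_TTL
    claims = json.dumps({"sub": client_id, "scope": scope, "exp": exp}).encode()
    body = base64.urlsafe_b64encode(claims)
    sig = base64.urlsafe_b64encode(_sign(body))
    return {"access_token": (body + b"." + sig).decode(), "token_type": "Bearer", "expires_in": TOKEN_TTL}

def authorize(auth_header, now=None):
    """POST /mcp logic: accept only an unexpired, correctly signed token carrying mcp.read."""
    scheme, _, token = (auth_header or "").partition(" ")
    body, _, sig = token.encode().partition(b".")
    if scheme.lower() != "bearer" or not body or not sig:
        return False
    try:
        if not hmac.compare_digest(base64.urlsafe_b64decode(sig), _sign(body)):
            return False
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return False
    now = now if now is not None else time.time()
    return claims.get("scope") == REQUIRED_SCOPE and claims.get("exp", 0) > now

if __name__ == "__main__":  # constructed values, for a local run only
    os.environ.update(MCP_CLIENT_ID="demo-client", MCP_CLIENT_SECRET="demo-secret", MCP_SIGNING_KEY="demo-key")
    tok = issue_token("demo-client", "demo-secret", "mcp.read")
    print(authorize("Bearer " + tok["access_token"]), authorize("Bearer forged.token"))
```

In a FastAPI handler, a `None` from `issue_token` maps to a 401 on /token and a `False` from `authorize` maps to a 401 on /mcp before any JSON-RPC method is dispatched.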
Key Insight
Most demos show an AI agent calling into Salesforce. This shows a Salesforce Agentforce agent calling OUT to an externally hosted MCP server with proper SSL and OAuth — proving Agentforce can i[...]
Tech Stack
- Salesforce Agentforce (Employee Agent)
- External Service Registration (Model Context Protocol)
- Named Credentials + External Credentials (OAuth 2.0)
- Python FastAPI · AWS EC2 · nginx · Let's Encrypt