MCP Integration for Salesforce, SAP, and NetSuite: A Practical Guide
A step-by-step guide to MCP integration for Salesforce, SAP, and NetSuite - setup, security, use cases, and connecting AI agents to your enterprise systems.
Mohammed Kafeel
Machine Learning Researcher
On this page
- What Is MCP (Model Context Protocol)?
- Why Are Enterprises Rushing to Adopt MCP?
- MCP Integration for Salesforce
- MCP Integration for SAP
- MCP Integration for NetSuite
- MCP vs. Traditional API Integration - Which Should You Choose?
- Security and Governance Best Practices
- Common Mistakes to Avoid
- Key Takeaways
- FAQ
- Useful Sources
What if your AI assistant could query your Salesforce CRM, pull a NetSuite invoice, and trigger an SAP workflow - all in plain English, with no custom code?
That's not a pitch. That's what MCP integration makes possible right now, in production, across some of the world's largest enterprise systems.
What Is MCP (Model Context Protocol)?
MCP is an open protocol that lets AI agents connect to external systems like databases, CRMs, and ERPs in a standardized, secure way.
Anthropic open-sourced MCP in November 2024. It's now hosted under the Linux Foundation, with SDKs in Python, TypeScript, Java, Kotlin, and C#.
What problem does MCP actually solve?
Before MCP: N×M custom integrations. With MCP: N+M. Each AI model connects once as an MCP client; each enterprise system exposes itself once as an MCP server. (If you're on the vendor side of this, see our guide to building an MCP server for your SaaS.)
The four key components
- MCP Client - the AI agent (Claude, GPT-4, custom agent)
- MCP Server - the connector for your enterprise system
- Tools - actions the AI can take
- Resources - data the AI can read
Why Are Enterprises Rushing to Adopt MCP?
- Gartner: 40% of enterprise applications will integrate task-specific AI agents by end of 2026
- Gartner: 62% of cloud ERP spending will go to AI-enabled solutions by 2027
- McKinsey 2025 State of AI: Most enterprises stuck in piloting phase - unable to move AI from experiments to production
What MCP gives you
- Standardized connections - one protocol, any AI model, any enterprise system
- Security boundaries - the AI only sees what you explicitly expose
- No vendor lock-in
- Reusable integrations
- Centralized governance
The flip side is just as important: making your SaaS visible to AI agents is increasingly table stakes, not a nice-to-have.
Traditional API vs. MCP
| Factor | Traditional API | MCP Integration |
|---|---|---|
| Complexity | High - custom code per integration | Low - standard protocol |
| Security | Varies | Built-in boundaries |
| Reusability | Low | High |
| Vendor Lock-in | High | None |
| Governance | Manual | Centralized |
| Time to Deploy | Weeks–months | Days–weeks |
MCP Integration for Salesforce
Salesforce supports MCP through its Agentforce platform, letting AI agents read and write CRM data using natural language - no SOQL required.
Salesforce announced native MCP support with Agentforce 3 in mid-2025.
Key use cases
- Querying leads, contacts, and opportunities in plain English
- Auto-updating deal stages based on email sentiment
- Generating sales reports without SOQL
- Triggering Salesforce Flows from AI agent actions
How to set up Salesforce MCP
- Set up OAuth 2.0 in Salesforce Connected Apps (Setup → App Manager → New Connected App)
- Deploy or configure an MCP server - native Agentforce MCP server (Setup → API Catalog → MCP Servers), third-party options, or custom
- Define Tools - read contact, update opportunity, create task, trigger Flow
- Define Resources - accounts, leads, reports, cases
- Connect your AI client
- Test with natural language queries
Key challenge: permission scoping
Apply least-privilege: scope each MCP tool to only the objects and fields the AI actually needs. Use Salesforce's Connected App OAuth scopes and profile-level permissions.
💡 Pro Tip: Start with read-only tools first.
MCP Integration for SAP
SAP MCP integration connects AI agents to SAP S/4HANA, enabling natural language access to financial data, procurement, HR, and supply chain workflows.
The SAP MCP server connects via OData APIs (through SAP Gateway or SAP BTP) or via RFC/BAPI calls for older on-premise systems.
Key use cases
- Natural language purchase order creation
- Real-time inventory queries across SAP plants
- Automated goods receipt processing
- Financial period-close status checks
- Supplier performance analysis
How to set up SAP MCP
- Enable OData services via SAP Gateway or SAP BTP API Management
- Set up OAuth 2.0 via SAP BTP's XSUAA service
- Deploy an MCP server - community tools like
odata-mcp-proxy, AWS SAP MCP Server on Bedrock AgentCore, or custom - Map SAP OData entities to MCP Tools and Resources
- Define access scopes per user role aligned with SAP authorization objects
- Connect AI client and test with business queries
Key challenge: SAP's complexity
Start with one module. Finance (FI) is a great first choice.
💡 Pro Tip: Use SAP BTP as your middleware. It handles OAuth 2.0, rate limiting, API management, and destination config in one place.
MCP Integration for NetSuite
NetSuite has one of the most mature MCP implementations among ERPs. Oracle launched the NetSuite AI Connector Service in August 2025.
The NetSuite AI Connector uses OAuth 2.0 and exposes both SuiteQL (a SQL-like query language supporting multi-table JOINs) and the REST Record API.
Key use cases
- Natural language financial reporting
- Automated invoice reconciliation
- Month-end close acceleration
- Cash flow visibility and forecasting
- Intelligent expense parsing
NetSuite MCP server options
| Option | Setup | Auth | Read/Write | Best For |
|---|---|---|---|---|
| NetSuite AI Connector (native) | SuiteApp + OAuth 2.0 | OAuth 2.0 | Full CRUD + SuiteQL | Most NetSuite users |
| CData MCP | JDBC driver + local config | JDBC string | Read-only (free tier) | Read-heavy use cases |
| Zapier MCP | SuiteApp + TBA tokens | Token-Based Auth | Full CRUD + SuiteQL | No-code teams |
| Truto | API key + integrated account | Managed OAuth 1.0 | Full CRUD unified | Multi-tenant / agencies |
How to set up NetSuite MCP
- Install the NetSuite AI Connector SuiteApp from the SuiteApp Marketplace
- Configure OAuth 2.0 - create a custom role with
MCP Server ConnectionandOAuth 2.0 Access Tokenspermissions (don't use Administrator role) - Set up SuiteQL access for read queries
- Define which records and fields the AI can access
- Connect your MCP client using:
https://<accountid>.suitetalk.api.netsuite.com/services/mcp/v1/all - Test with natural language financial queries
Critical: the TBA deprecation timeline
- NetSuite 2027.1: New integrations cannot use TBA
- NetSuite 2028.2: SOAP endpoints retire
Build new integrations on OAuth 2.0 from day one.
Key challenge: rate limits
NetSuite's default rate limit is 15 concurrent requests per account. Use a proxy/middleware to queue requests and handle rate limit errors with exponential backoff.
💡 Pro Tip: Use SuiteQL for reads (supports JOINs); use REST Record API for writes.
MCP vs. Traditional API Integration - Which Should You Choose?
For AI agent use cases, MCP wins. For simple point-to-point automations, traditional REST APIs are still fine.
When to use MCP
- Multi-agent workflows where multiple AI models access the same systems
- Natural language interfaces to enterprise data (the same pattern powers MCP for data pipelines across databases and warehouses)
- Multiple AI models connecting to the same Salesforce or NetSuite instance
- Governance and auditability matter
- Planning more AI use cases (N+M advantage compounds)
When to stick with REST or SOAP
- Simple non-AI automations
- Legacy systems without MCP server support
- One-off integrations
- Workflows where no AI model is in the loop
Security and Governance Best Practices
Non-negotiable practices
- Always use OAuth 2.0 - not API keys, not basic auth, not TBA for new NetSuite integrations
- Apply least-privilege
- Enable audit logging
- Use role-based access control (RBAC) aligned with existing ERP roles
- Never expose write tools without human-in-the-loop confirmation for critical actions
- Regularly rotate credentials
Why MCP's architecture helps
In traditional AI integration: AI agent gets raw API credentials, broad access. If leaked: huge blast radius.
With MCP: the AI can only call explicitly defined tools. It can't go off-script.
Common Mistakes to Avoid
- Giving AI agents too broad permissions on day one
- Skipping rate limit handling (especially NetSuite's 15 concurrent and Salesforce's daily limits)
- Not testing with real business queries before going live
- Ignoring deprecation timelines (TBA → OAuth 2.0)
- Trying to integrate all modules at once
- Not documenting your MCP tool definitions
Key Takeaways
- MCP is the emerging standard for AI-enterprise integration - open-sourced November 2024, now under Linux Foundation
- Salesforce, SAP, and NetSuite all have MCP support - native or via third-party MCP servers on SAP BTP
- Start small: one system, one use case, read-only tools first
- Security first: OAuth 2.0, least-privilege, audit logging, human-in-the-loop for critical writes
- The N+M architecture compounds
- Watch deprecation timelines: NetSuite TBA out 2027.1; SOAP retires 2028.2
FAQ
What is MCP integration?
MCP integration connects an AI agent to an enterprise system using the Model Context Protocol. Instead of building custom connectors for every AI-to-system pair, you build one MCP server per system.
Does Salesforce support MCP natively?
Yes. Salesforce added native MCP support with Agentforce 3, announced in June 2025. OAuth 2.0 via Connected Apps is the required authentication method.
How do I set up MCP for NetSuite?
The fastest path is the NetSuite AI Connector Service (August 2025). Install the SuiteApp, configure OAuth 2.0 with a custom role, and connect using: https://<accountid>.suitetalk.api.netsuite.com/services/mcp/v1/all. Avoid TBA for new integrations.
Is MCP secure for enterprise use?
Yes - when configured correctly. MCP's architecture enforces security boundaries by design. Use OAuth 2.0, least-privilege scoping, audit logging, and align access controls with your existing ERP role model.
What's the difference between MCP and a REST API?
A REST API requires custom code per integration. MCP uses REST APIs under the hood but adds a standardized discovery layer. MCP is the right choice when AI agents are in the loop.
Can I use MCP with SAP on-premise?
Yes. Expose OData services via SAP Gateway, use SAP BTP Cloud Connector to create a secure tunnel, and authenticate via OAuth 2.0 via BTP's XSUAA service.
Useful Sources
Keep reading
How to Wrap a REST API as an MCP Server for AI Agents
A hands-on Python tutorial for wrapping any REST API as an MCP server so AI agents like Claude can discover and call your tools at runtime.
Multi-Tenant MCP: How to Isolate Agent Access Across Clients
Running multiple clients through a single MCP server without proper isolation is a data breach waiting to happen. Here's how to architect tenant boundaries that hold.
MCP SSO Integration: Connecting Enterprise Identity Providers
A deep-dive guide to MCP SSO integration - OAuth 2.1, SAML 2.0, LDAP, SCIM, agent identity, and step-by-step setup for Okta, Azure AD, Google, Keycloak.



