Salesforce

​

Overview

The Salesforce integration connects your Salesforce CRM to Alysio so teams can query, analyze, and take action on CRM data through natural language. Alysio uses Salesforce’s REST API via Paragon’s secure proxy so every request runs in the authenticated Salesforce user’s context and respects Salesforce security controls including profiles, permission sets, sharing rules, and field level security. If you are setting up Salesforce for the first time, see the separate tab How to Install for managed package installation and org connection steps.

​

Read and Write Access

This integration supports both read and write operations for common go to market workflows, including creating and updating records. Delete operations are intentionally disabled for safety.

​

What teams use this for

Answer pipeline and forecast questions without building reports
Find risk and anomalies faster than dashboards
Update fields and log activities from chat
Discover schema and custom fields on demand
Generate direct Lightning record links for fast follow up

---

​

Supported Salesforce Data

​

Standard objects

Accounts
Contacts
Leads
Opportunities
Cases
Tasks
Events

​

Custom objects

Any custom object in the connected Salesforce org, including custom fields and relationships.

​

Metadata and schema discovery

Object definitions and field metadata for schema discovery and dynamic field mapping.

​

Relationships

Lookup and master detail relationships, including common associations between Accounts, Contacts, Opportunities, and related activities.

---

​

Authentication

​

Method

OAuth 2.0 via Paragon Connect

​

Redirect URI

https://passport.useparagon.com/oauth

​

Token handling

Salesforce issues OAuth tokens and Paragon manages them securely. Alysio does not store Salesforce OAuth tokens. Each tenant connection is isolated using a signed X Paragon Credential header.
Tokens are refreshed automatically by Paragon.
If the integration is uninstalled or disconnected, credentials are removed and API access stops.

​

User context and enforcement

All API requests execute as the authenticated Salesforce user. This means Object permissions are enforced by Salesforce
Field level security is enforced by Salesforce
Sharing rules and org wide defaults are enforced by Salesforce
Alysio cannot access records the user cannot access in Salesforce

---

​

Required OAuth Scopes

Alysio requests a set of scopes that support secure identity, token refresh, and API access. api
id
profile
email
address
phone
refresh_token

​

Scope purpose

api enables Salesforce REST API requests for querying and record read write
id profile email support identity verification, user mapping, and connection validation
refresh_token enables long lived connections without repeated logins
address and phone support optional org and user metadata used for admin verification and support workflows

​

Salesforce API access requirement

Salesforce API access depends on edition and licensing. If your org does not include API access, the integration will fail even if OAuth succeeds.

---

​

API Usage

All requests are routed through Paragon’s secure proxy to the Salesforce REST API. Alysio supports read and write operations but does not delete records.

​

Endpoint categories

Query
GET /query?q=
Executes SOQL queries Metadata
GET /sobjects//describe
Returns object and field definitions Read
GET /sobjects//
Fetches a specific record Create
POST /sobjects/
Creates a new record Update
PATCH /sobjects//
Updates an existing record Record URLs
Alysio can generate Salesforce Lightning record links so users can open the exact record in Salesforce.

​

Rate limiting

Salesforce org limits apply. Additional throttling may occur at the Paragon proxy layer depending on workload and retry behavior.

---

​

MCP Tools

The Salesforce MCP exposes tools that can be invoked through natural language inside Alysio.

​

salesforce_run_soql_query

Executes a SOQL query and returns records. For large result sets it may return a file path. Record URLs are attached when possible. Example prompts
List my top 10 accounts by ARR
How many open opportunities close this quarter
Show opportunities closing this month by stage

---

​

salesforce_get_object_fields

Returns field names, labels, types, and picklist values for a Salesforce object. Example prompts
What fields exist on Opportunity
Show picklist values for StageName
Describe the Account object

---

​

salesforce_get_record

Returns a single record by object and record ID plus a Salesforce link. Example prompts
Get Account 001xx000001234
Show me this Contact in Salesforce
Open Opportunity 006xx00000ABC

---

​

salesforce_create_record

Creates a new record and returns the new record ID and Lightning URL. Example prompts
Create a new Lead for Acme with this email
Create a Task to follow up tomorrow
Log an Event for this meeting

---

​

salesforce_update_record

Updates a record by object and ID and returns the record URL. Example prompts
Update this opportunity stage to Negotiation
Change the Account phone number
Set close date to next Friday

---

​

salesforce_generate_record_url

Generates a direct Lightning record URL for an object and record ID. Example prompts
Give me a link to this opportunity
Open this account in Salesforce
Share the record URL

---

​

App Behavior

Alysio performs Salesforce operations on demand in response to user prompts. Each request is Validated against the connected user context
Executed within the boundaries of Salesforce permissions and sharing
Scoped to read and write actions only, with deletes disabled
Returned in chat with record links where applicable Alysio does not run a background sync by default for this integration. It queries Salesforce when you ask.

---

​

Example Flow

User asks
Show me all open opportunities closing this month Alysio routes the request to the Salesforce MCP. The MCP converts the question into a SOQL query and executes it through Paragon. Salesforce returns only records the user can access based on permission model and sharing rules. Alysio displays results and includes Lightning record links for fast follow up.

---

​

Troubleshooting

​

Post September 2025 Connected App approval behavior

Some Salesforce orgs require admin approval or installation steps before users can authorize a connected app. If users cannot connect, an admin may need to approve the Paragon connected app.

​

Common issues

Missing API access
Your Salesforce edition or license may not allow API access. 403 Forbidden
The connected user lacks object permissions or field level permissions for the requested data. 401 Unauthorized
The token is expired or revoked. Reconnect Salesforce in Alysio under Settings → Integrations. Missing records
Sharing rules or org wide defaults may restrict visibility. Test by checking access directly in Salesforce as the same user.

---

​

Support

support@alysio.ai Docs
https://tech.alysio.ai/integrations/salesforce

---

​

Version History

June 2025
Legacy Salesforce app created November 2025
Migrated to Paragon Connected App to align with updated connected app policy behavior Ongoing
Security and compliance improvements