Connect one org
A customer admin authorizes a Salesforce org.
How emcee controls assistant access to Salesforce.
Admins publish a bounded assistant surface. Users get named access to one assistant at a time. If that sounds narrower than most AI tools, that is the point.
This page is intentionally plain. We would rather be specific than sound impressive.
Assistant-scoped endpoint. Bounded surface. Named-user runtime.
Evaluating the protocol side? Read the Salesforce MCP overview.
The short version
Publish one assistant
The assistant gets a defined data surface and tool set.
Assign named users
Assistant access is granted deliberately, not implied.
Bind and log runtime
Each session resolves to tenant, org, user, and assistant.
emcee is built to avoid raw, open-ended Salesforce access.
The access boundary is the published assistant surface and the assistant-specific runtime endpoint, not a generic whole-org connector. Preview, release review, session binding, and audit logging are part of the product model, not extras layered on later.
Runtime access screen
Real product screenshot used as proof.
What exists today
Bounded data surface
The admin chooses what an assistant can read object by object and field by field.
Assistant-scoped runtime endpoint
Published assistants get their own runtime endpoint instead of sharing one catch-all MCP connector.
Named-user seat assignment
Users receive assistant access explicitly instead of inheriting broad workspace access.
Structured audit events
Assistant invocations record runtime metadata with tenant, org, user, assistant, tool, timing, and outcome.
What is partial or still missing
| Capability | Status | Current posture |
|---|---|---|
| Invocation log per user | Partial | Runtime events exist with tenant, org, user, assistant, tool, timing, and status. The polished customer-facing console does not yet. |
| Record / field provenance | Partial | Tool and action shape are captured today. Full customer-facing provenance is not. |
| External agent-platform identity attribution | Partial | emcee can bind tenant, org, user, and assistant when it owns the runtime session. Shared third-party agent connections should be treated as shared identity until provenance is surfaced explicitly end to end. |
| Compliance export | Not yet | Planned for GA rather than rushed into early access. |
Brutal honesty
- No SOC 2, ISO 27001, or HIPAA certification today.
- No formal third-party penetration test report today.
- No public bug bounty programme.
- Not on the Salesforce AppExchange and not through Salesforce Security Review today.
- Runtime is hosted in
europe-west1today. - No customer-selectable regional processing controls today.
If you are reviewing emcee, ask the blunt questions.
We would rather answer a direct security or architecture question than hide behind a demo flow. If the current posture is too early for your process, say so. That is useful information.