Salfio
MCP

Connect from Claude.ai web

Add Salfio as a connector on claude.ai in about a minute, using OAuth — no tokens to copy.

Claude.ai web can talk to Salfio through a Custom Connector. You authenticate once in the browser, pick how the connection should behave (just you, or your whole organization), and Claude can use Salfio's tools from then on.

No API keys to paste. No config file to edit. Revoke from your Salfio settings whenever you want.

Prerequisites

  • A Salfio account on an organization you can sign in to at app.salfio.com.
  • A Claude.ai Pro, Team, Max, or Enterprise plan — Custom Connectors aren't available on the Free tier. (If the option is missing from your Claude settings, that's why.)

Add the connector

  1. In Claude.ai, open Settings → Connectors → Add custom connector.
  2. Fill in:
    • Name — anything you like (e.g. Salfio).
    • Remote MCP server URLhttps://mcp.salfio.com/sse
  3. Click Add. Claude reads the OAuth metadata from Salfio, registers itself automatically, and redirects you to the Salfio consent page.

Approve the connection

On app.salfio.com/oauth/mcp-consent, you'll see:

  • Who is asking — "Claude.ai" (the client name Claude registered with us).
  • What scope — pick one:
    • Just me (user_oauth) — Claude sees the same data you see in the app. Best for solo use.
    • My organization (org_oauth) — Claude sees organization-wide data, the same way a Service API key does. Best when the connector is shared with a team or used by a bot.
  • Which organization — if you're a member of more than one Salfio org, pick the one this grant belongs to.

Click Approve. Your browser redirects back to Claude, and the connector is live. Click Deny to abort — no grant is created.

Use it

In a Claude conversation, the Salfio tools appear under the connector you just added. You can ask things like:

  • "List all clients on Acme Corp's account."
  • "What are the last 5 activities on client X?"
  • "Create a new client called Widgets Inc., domain widgets.io."

Claude decides when to call a tool based on the conversation. You can always inspect the tool call from Claude's UI before it runs.

What's happening under the hood

The connection uses OAuth 2.1 with PKCE (RFC 6749 + RFC 7636). If you're curious about the mechanics:

  1. Claude fetches Salfio's OAuth metadata from https://mcp.salfio.com/.well-known/oauth-protected-resource and https://mcp.salfio.com/.well-known/oauth-authorization-server. Both live on the MCP host, not on the dashboard.
  2. Claude self-registers as a public OAuth client at https://mcp.salfio.com/oauth/register (RFC 7591 — Dynamic Client Registration).
  3. Claude redirects your browser to https://mcp.salfio.com/oauth/authorize, which in turn redirects you to https://app.salfio.com/oauth/mcp-consent — the dashboard consent page.
  4. After you approve, Salfio signs a short-lived JWT access token and a refresh token, signed with a key published at /.well-known/jwks.json.
  5. Claude sends the access token on every MCP request (Authorization: Bearer …). Salfio re-verifies it on each call.

Access tokens are valid for 1 hour; Claude refreshes them automatically as long as the grant is still active.

Manage your connections

Every MCP grant — OAuth or API key — lives at Settings → MCP Connections in the Salfio dashboard. Each row shows:

  • The client name (what the connector registered itself as)
  • The scope (just me or organization)
  • When the connection was established
  • When it was last used

Click Revoke to kill the connection. Within one minute, any active Claude conversation using it will start seeing "not authorized" errors on tool calls, and Claude will prompt you to reconnect.

Troubleshooting

"The connector isn't showing up in my settings." Custom Connectors require Claude Pro, Team, Max, or Enterprise. Free accounts can use Claude Desktop with an API key instead — see Connect from Claude Desktop.

"I got redirected to Salfio but don't see the consent screen — just the login page." You need to be signed in to app.salfio.com first. Sign in, then retry adding the connector.

"Approve worked, but Claude shows the connector as 'not connected'." Check that your browser didn't block the redirect. Some privacy extensions strip OAuth redirect parameters. Try again in a private window or allow-list app.salfio.com and mcp.salfio.com.

"My tools stopped working after a while." If you revoked the grant from the Salfio dashboard, Claude will stop seeing the tools within a minute or so. Re-add the connector to create a fresh grant.

"Claude says 'invalid_client' when I try to add the connector." This is almost always stale DCR state on Claude's side. Remove the connector entirely and re-add it — Claude will re-register and get a fresh client_id.

Security notes

  • Tokens are signed with a key Salfio controls and rotates. The public half is at https://mcp.salfio.com/.well-known/jwks.json.
  • Salfio never sees your Claude account — only that a browser session carrying a valid Claude-connector redirect landed on the consent page.
  • Every grant is auditable: it shows up in the dashboard immediately after approval and leaves a trail when revoked.
  • If you ever suspect a grant is misused, revoke first, investigate second. Revocation is a single click; issuing a new one is another click.

Model Context Protocol (MCP)

Query Salfio from Claude, Cursor, and other MCP-aware clients using the same tools your team already uses.

Connect from Claude Desktop

Wire Salfio into Claude Desktop (and other API-key MCP clients) with a Service or User key.

On this page

PrerequisitesAdd the connectorApprove the connectionUse itWhat's happening under the hoodManage your connectionsTroubleshootingSecurity notes