Loading
Agentforce and Einstein Generative AI
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Apply an Agentforce Gateway Policy

            You are here:

            1. Salesforce Help
            2. Docs
            3. Quickstart Your Einstein Generative AI Solution

            Apply an Agentforce Gateway Policy

            Apply a policy either manually or automatically by defining matching criteria.

            Required Editions

            See Agentforce Gateway for supported editions and required permissions.
            • Apply Policies by Agent
              Target which agents a policy applies to for API connections and MCP server connections. Without this configuration, a policy that protects a connection applies to all agents that call it.

            Apply Policies Manually to API Connections

            Use the Manual Selection tab in Policy Builder to assign a policy to specific API connections.

            1. From Setup, in the Quick Find box, enter Policies, then select Policies.
            2. On the Agentforce Gateway Policies page, select the APIs tab and select a policy.
            3. On the policy details page, select Open in Builder.
            4. In Policy Builder, from the sidebar, select Target Entities Selection for Target Entities in Policy Builder..
            5. On the Target APIs page, select the Manual Selection tab.
            6. In Manual Selection, select Add Connections.
            7. On the Add Connections dialog, under Select Connections by API, choose the APIs to apply the policy to.
              • To apply the policy to all of an API's connections, select the checkbox next to the API name. The API's Connections column updates to All current connections.
              • To apply the policy to specific connections, click the link in the Connections column, select the checkbox next to each connection, and return to the Select Connections by API window. The link in the Connections column updates to show the number of selected connections, for example, 2 connections.
            8. Select Add Connections.
              For selected APIs that have the All current connections link in the Connections column, the policy applies to all connections. If a selected API's Connections column displays a number of connections, the policy applies only to those preselected connections.

            Apply Policies Manually to MCP Server Connections

            Use the Manual Selection tab in Policy Builder to assign a policy to specific MCP servers.

            You can also manually apply a policy to an MCP server when you register the server. Because you apply these policies manually, they don’t automatically apply to new server registrations.

            1. From Setup, in the Quick Find box, enter Policies, then select Policies.
            2. On the Agentforce Gateway Policies page, select the MCP Servers tab and select a policy.
            3. On the policy details page, select Open in Policy Builder.
            4. In Policy Builder, from the sidebar, select Target Entities Selection for Target Entities in Policy Builder..
            5. On the Target MCP Servers page, select the Manual Selection tab.
            6. In Manual Selection, select Add MCP Servers.
            7. Select one or more MCP servers, then click Add Servers.

            Define Matching Criteria to Apply Policies Automatically

            Define matching criteria to apply a single policy to multiple MCP servers or API connections automatically. Policies protect existing and future registrations that match the criteria.

            Matching criteria give you the flexibility to scale server protection automatically.

            1. From Setup, in the Quick Find box, enter Policies, then select Policies.
            2. On the Agentforce Gateway Policies page, select the APIs tab or MCP Servers tab depending on the policy type, and select a policy.
            3. On the policy details page, select Open in Policy Builder.
            4. In Policy Builder, select the Matching Criteria tab.
            5. Configure matching criteria.
              • Apply to:
                • For API connections, apply the policy to Connections that meet all conditions or Connections that meet any conditions.
                • For MCP server connections, apply the policy to MCP Servers that meet all conditions or MCP Servers that meet any conditions.
              • Variable:
                • For API connections, filter by API Source or API Name.
                • For MCP servers, filter by MCP Server Source or MCP Server Name.
              • Operator: Select the conditional operator.
              • Value: Select what value to filter by. The value is case-sensitive.
            6. To add a condition, click Add Condition.
            7. To create an AND conditional between multiple rules, click Add Group.
            8. Click Save Policy.
              Your policy automatically applies to all current and future MCP servers or API connections that match the criteria you specified.
            Note
            Note Creating or editing matching criteria, or creating or editing MCP servers or APIs or adding connections, can change which connections have protection. Synchronization occurs automatically in 15-minute intervals. To apply updates immediately, see Sync Policy Matching Criteria Immediately.

            Sync Policy Matching Criteria Immediately

            After you configure APIs, connections, matching criteria, or MCP servers, protection takes up to 15 minutes.

            1. On the policy details page, click the dropdown next to Open in Policy Builder.
            2. Select Sync Criteria-Based Policies.

            This action syncs all policy matching criteria across connections and protection targets without waiting for the automatic refresh.

             
            Loading
            Salesforce Help | Article