Atlas
- A brief description of what you are looking to do
- How you think this will help
- Why this matters to you
74 results found
-
Allow access from anywhere button to be a separate UI permission
"allow access from anywhere" button should be a separate privilege. This would allow the ability to add it to a role. The goal is to allow developers to log into the control plane, use the UI to add 1 single IP(theirs)...but not open up IPs to all(0.0.0.0/0).
3 votes -
Support GCP IAM for Cluster Authentication
Achieve feature parity with AWS IAM cluster authentication support.
80 votesThank you for your patience. Connecting Atlas clusters with GCP service accounts (workload identity federation) is in development and currently planned to be available in Q1 2024 (which is subject to change). The functionality will require MongoDB 7 in Atlas and initially will be supported in Java, Node, Python, C#/.NET, and Go drivers.
-
API Key Expiration date
We have a security reqirement that secrets must expire after 2 years.
Therefore it would be awesome if MongoDB Atlas API Keys would support an expiration date.
Somethig similar exists for the IP Whitelisting. Here we have the option to remove IP Whitelist entries after er certain time period. But for API Keys it would be better to have an expiration date and keep the API Key in the list even if its expired.
In addition it would be good to have a daily notification once the expiration date is ahead less than 30 day.
12 votes -
Reuse email address for new Atlas account
Please allow email addresses to be reused/reinstated for new Atlas accounts if an Atlas account associated with that email address has been deleted.
5 votes -
Show last activity of user
For managing Database Users, it would be nice to see when that user was last used to authenticate with the cluster - so that we can spot potentially unused accounts and to act as an extra layer of confirmation when deleting accounts that we think are not needed anymore.
8 votes -
Allow an "Any Database" option for actions in custom roles
Much like built-in roles have the ability to target all databases/any database, it would be ideal if collection actions could also target any database. Similarly to how, when adding collection actions to a custom role, if you leave the "collection" field blank, it applies to all collections in the specified DB, it would be great if you could leave the "database" field blank too (or add an "any database" option) and have the actions associated with the role be allowed on any database.
This feature gap creates unnecessary maintenance overhead for clusters with large numbers of databases. This is particularly…
53 votes -
Recreate Account | Sign Up | MongoDB Atlas
There are many new web developer come on MongoDB Atlas. There create there account and start working but don't know any thing about MongoDB. Something goes wrong on there setup and decided to recreate there account and follow all the instructions. But after deleting there account they see that they can't use there old email address.
Because of this situations that I faced. I don't want these to be faced by someone else so I recommend MongoDB Atlas to remove this security policy. Guys, Do you support me?1 vote -
create API keys that support linked orgs
It is possible to link multiple orgs to each other. It should therefore be possible to use a single API key to access all linked orgs.
10 votes -
Allow custom duration for Temporary Users
In our software development lifecycle, we have sprints that are 2 weeks long.
We create temporary users for Software Engineers that are "onCall" during a sprint. The role is moving to a different engineer each new sprint.
It would be great to be able to specify an explicit
deleteAfterDatevalue or a custom duration greater than the current 6 days.3 votes -
Manage Database Access and Network access
I would like to give colleagues the ability to manage Database Access and Network access for a project without giving the the project owner role.
A way to provide more granular access in Atlas would be nice
9 votes -
Authentification on Azure (IAM)
Hello,
We absolutely need a more modern authentication method than using LDAPS to authenticate users against the MongoDB databases that we deploy with Atlas. When will we see a modern authentication service at this level? Ideally, we want cloud functionality equivalent to AWS IAM but on Azure.
14 votes -
Support Login with Microsoft Credentials
When login to Atlas, we can use Google Login at the moment.
Please add Login with Microsoft Credentials.1 vote -
need api endpoint to see current db user limit. also see this number in UI
if this limit is reached, mongodb throws error
1 vote -
Ability to invalidate or revoke a X.509 certificate that was not expired.
Currently, X.509 certificates can be issued for authentication and authorization. However, it is not possible to invalidate an already issued certificate. In a situation where the certificate would be compromised, it is therefore not possible to invalidate it and re-issue a new one. The only way is to delete the user associated with the certificate and create a new user account (New CN).
7 votes -
Project teams
Hello,
I think it would be a good idea to have team management at project level.
We have many projects and members in our Atlas account.
I'm a organization owner. The people in my organization use the Altas service. I create
a project for them and give my colleagues the project owner authorizations.Project owners can invite other members. This is good. But it's a little inconsistent that
they are not able to create groups or teams within their projects They have to manage the permissions for each member separately.We can't use organization teams, because they are located at…
41 votes -
Being able to enable / disable Database users
When managing accounts and permissions, it could be great to "disable" an account before deleting it or reseting its password.
By example GCP ServiceAccounts have this feature. It helps to restore a service of an account faster if this one is still in use.
It will also help to set a kind of "policy" where inactive accounts get deactivated for a period of time and then deleted if not reactivated till then.
1 vote -
make empty teams possible
It is currently not possible to create empty teams of remove all users from teams.
We would like to arrange our access management through teams. For our production environment we want a 'read only' and an 'admin' team. The admin team should be empty at all times, except in the case of incidents where we want to add specific users to the admin team to be able to solve the incident.5 votes -
Allow setting temporary IPs to API Access List
When testing out API keys that are normally only run through CI/CD tools, I'd like to be able to add my local IP to the API Access List for a temporary time window.
3 votes -
1 vote
-
Support native Azure authentication for the DB, e.g. service principal
Customers often want centralized permissioning for the database and LDAP is not generally supported well in the cloud. If a customer is using Azure, they want us to support Azure AD for database authentication. I believe that means using service principals
30 votesThis is currently a roadmap item which will be addressed in 2023.
- Don't see your idea?