in are organization we want user to have a self serve service that allow them to create project, cluster ,etc ...

for now we can only automate half of the process, because we need the web UI to invite user & wait that they approve the invitation before assigning them to project.

It would be great than we could, via API call, invite user & assign them to project or team without having to use manual process & wait for user to acknowledge the invitation

thanks

Please add the capability to enforce 2FA (As a setting) for any user invited to join a team. This would be a good step towards better security management

Ability to change your username after registration and be able to re-use it should you need to.

1)User A login inot Mongo Portal
2) He selects an organization and sends an invitation to User B
3) Now in the Activity Feed menu we can see User B was invited to the organization
4)Before the user B accepts the invitation , User A goes and deletes the pending invitation
5)Nothing is shown in activity feed.

This would help products which are integrating with MongoDB atlas to get the true status of pending invitations.

It would be great if we could organize the projects and not have them all at the same level of organization.
We could use this hierarchy to put rights, consult costs ...
A bit like the idea of Azure's management group or GCP's "Folder".

When we do SOC2 reviews, we have to take screenshots of the permissions various users have. Currently, a specific "team" in Atlas only shows 5 users at a time and is paginated. Taking screenshots of 5 users at a time is pretty tedious, so it would be amazing to have a page with the full list.

We were given this idea from a security audit.

From a security-in-depth perspective we would like to be able to restrict logins on the atlas portal to only whitelisted IP's, this would be analog as to how API whitelisting works at the organization level.
This is to prevent login's other than from our permitted sites.

I access Mongo Cloud / Atlas very frequently. However, almost every day I need to re-login using my Google account. It doesn't seem to "remember" my session.
I would love if I can extend the default, and let me (and other members) stay logged in for a longer period of time.

Right now, there is no way to require Google auth or to require 2FA. The only way to enforce 2FA for a team is to check the team mangagement page. However, since some users may have only used Google auth to login, they will show up in this view as not having 2FA, creating auditing headaches. Please
- indicate if a user does not have 2fa because they do not have a password vs just not having 2fa
- ideally, add the ability to require 2fa and/or Google auth for all team members

When trying to implement Atlas infrastructure for Organization/Project users, the Teams functionality is useless unless we can add pending users to a Team. Right now, if a new user doesn't login for two weeks, we can't assign them to a Team until two weeks after the implementation was supposed to be configured.

When logging into the support portal using support.mongodb.com, if federation is enabled, the user is redirected to their identity provider based on their domain, authenticated, and then redirected to the support portal.

However, if the custom URL for the identity provider is used, the user is always redirected to the Atlas interface. We would like to request that this custom URL be able to target an endpoint other than Atlas, such as the Support Portal.

Currently the list of privileges assignable for Custom Roles is only a subset of privileges available to Built-in Roles This request is to add the missing privileges to both the REST API and Atlas UI which are available to Built-in Roles

The first set of privileges requested by a customer is from the Cluster Monitor role

Expanded prioritized privileges requested:

checkFreeMonitoringStatus
getCmdLineOpts
getLog
getParameter
getShardMap
hostInfo
inprog
listShards
netstat
replSetGetConfig
replSetGetStatus
setFreeMonitoring
shardingState

Based on the documentation it appears there is no option available to disable automatic account creation when Federated Authentication is used.

The business case for disabling automatic account creation is to allow a limited set of users from the Identity Provider to have access to Atlas and the databases, while not allowing anyone with an account in the same domain to create an Atlas/Database account.

It would be great to add more granularity when creating an Atlas-managed X.509 certificate for a MongoDB user, i mean by day at least.
Thank you

Hello would you guys implement 2FA when logging in on feedback website(here) without being logged in anywhere else with the password, i really need it for security reasons...thanks

Session timeout value in Atlas UI defaults at 12h. Allow it to be configurable per Project or Organization, with the minimum value being 15 minutes. All Atlas users within an organization that have been idle for the duration of the configured session timeout should be automatically logged out.