Atlas

Share your idea. In order to help prioritize, please include the following information

  1. A brief description of what you are looking to do
  2. How you think this will help
  3. Why this matters to you

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow Atlas User Data Access Permissions to be configured on a per-database/collection basis

    Similarly to how database user data access permissions can be configured on a per-database or per-collection basis, it would be ideal if Atlas user data access permissions (as they apply to Data Explorer) could be configured on a more granular basis as well.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  2. atlas portal ip whitelist

    We were given this idea from a security audit.

    From a security-in-depth perspective we would like to be able to restrict logins on the atlas portal to only whitelisted IP's, this would be analog as to how API whitelisting works at the organization level.
    This is to prevent login's other than from our permitted sites.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  3. Day granularity for Atlas-managed X.509 certificate

    It would be great to add more granularity when creating an Atlas-managed X.509 certificate for a MongoDB user, i mean by day at least.
    Thank you

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  4. remove the captcha from login, especially if 2 factor auth is enabled.

    I very much dislike being asking to train ML models by doing picture identification just to login to my account. Please find a less offensive captcha process, or remove it entirely when 2 factor auth is enabled.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow access from anywhere button to be a separate UI permission

    "allow access from anywhere" button should be a separate privilege. This would allow the ability to add it to a role. The goal is to allow developers to log into the control plane, use the UI to add 1 single IP(theirs)...but not open up IPs to all(0.0.0.0/0).

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  6. More granular user privileges for Database User in same project

    When having several clusters in the same project, it would be nice if we could configure different privileges to different clusters for the same user credentials.

    Like in the following example

    Name | Cluster1 | Cluster2 | Cluster3 | Cluster4
    User1 | R/W | R | R | R/W
    User2 | R | R/W | R | R

    Currently it's not possible to specify different privileges on the cluster level.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  7. RBAC for Atlas Search

    Atlas Search Indexes can only be managed via MongoDB credentials (Terraform or API calls), with required role "Project Data Access Admin" (see https://docs.atlas.mongodb.com/reference/api/fts-indexes-create-one/#required-roles ). It would be great if we could create/delete search indexes using database credentials, similarly to regular indexes.

    Because of that constraint, we need to provision dedicated apikey for our application ; in order to create the relevant search indexes. However, providing "Project Data Access Admin" is too much of a security risk - considering the power of such role.

    Would it be possible to have dedicated "Atlas Search Admin" role which would allow creation / updating…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  8. Improve password manager support on login screen

    Currently on the Atlas login screen it presents a button to authenticate using Google and a text field to enter an email address. Upon entering an email address there's a brief pause - presumably to check if the email address is bound to a configured SAML provider - and if not then the password field appears.

    Since the password field doesn't exist in the DOM until it's needed it means password managers have to autofill the email and password fields as two separate steps. I propose to have the password field present and hidden from the start so that password…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  9. more information in AWS IAM audit logs

    We are using MongoDB-AWS for authentication, and have set up the audit log to log events taken by AWS roles. However, there is insufficient information in the logs to identify who is doing those actions, as roles can be assumed by multiple people.

    An example log line in the current audit log:
    { "atype" : "authenticate", "ts" : { "$date" : "2021-01-05T00:21:52.628+00:00" }, "local" : { "ip" : "192.168.248.203", "port" : 27017 }, "remote" : { "ip" : "172.31.0.5", "port" : 54195 }, "users" : [ { "user" : "arn:aws:sts::555555555555:assumed-role/developer-role/", "db" : "$external" } ], "roles" : [ {

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  10. My entire team receives the billing info every month.

    Billing should be limited to organization owners only and not viewable by the entire organization.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  11. Project Monitoring Admin -- Access

    Hi Team,

    We need to give access to a particular team so they can create, edit, clone, disable, and delete the alarm for the entire organization in Alert setting only.

    We should not give them access other than the Alert setting. Is there any way to give access for Alert setting only, kindly provide your suggestions at the earliest.

    Please provide us steps if there's any way to create custom access for alert settings alone.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  12. Add privileges for Custom Roles which are currently only available in Built-in Roles

    Currently the list of privileges assignable for Custom Roles is only a subset of privileges available to Built-in Roles This request is to add the missing privileges to both the REST API and Atlas UI which are available to Built-in Roles

    The first set of privileges requested by a customer is from the Cluster Monitor role

    Expanded prioritized privileges requested:

    checkFreeMonitoringStatus
    getCmdLineOpts
    getLog
    getParameter
    getShardMap
    hostInfo
    inprog
    listShards
    netstat
    replSetGetConfig
    replSetGetStatus
    setFreeMonitoring
    shardingState

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  13. Stitch - use the same function to resend confirmation as when initially signing up

    When signing up with Email/Pwd, one of the options is to have the confirmation run through a function.
    In that function, a call to an external email provider has been set up to use a template with a logo.

    However, the "token" & "tokenId" parameters provided in the link are only valid for 30'.

    This makes it likely for people to be too late to confirm their email address.

    When calling "resendConfirmationLink", an email with a new link will indeed be sent out, but this is the standard MongoDB email. This request is to have this "resend" use the same…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  14. Show last activity of user

    For managing Database Users, it would be nice to see when that user was last used to authenticate with the cluster - so that we can spot potentially unused accounts and to act as an extra layer of confirmation when deleting accounts that we think are not needed anymore.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  15. Need access to the REST API for IdP Federation

    Currently all IdP federation set up must be done in the Atlas GUI. This prohibits scripting the setup of IdP organization and role mapping for new projects.

    Customers can prefer setting this up via a scriptable Rest API interface for a new project. Everything else about the project has an API that is currently used to create projects and deploy clusters. Authentication is important part of the process and currently requires manual set up through the GUI.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  16. Teams API should show the projects the team is a member of

    Right now the API to retrieve information of a team ( either by ID or by Name ) only gives the name, the id and a link of the specific team.

    I would like to see to what projects a team has access with which permissions ( as you can see via the atlas console ).

    This would help a lot with automating access management

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add Option to Disable Federated Authentication Automatic Account Creation

    Based on the documentation it appears there is no option available to disable automatic account creation when Federated Authentication is used.

    The business case for disabling automatic account creation is to allow a limited set of users from the Identity Provider to have access to Atlas and the databases, while not allowing anyone with an account in the same domain to create an Atlas/Database account.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow setting up 2FA when loggin in...

    Hello would you guys implement 2FA when logging in on feedback website(here) without being logged in anywhere else with the password, i really need it for security reasons...thanks

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  19. Support Login with Microsoft Credentials

    When login to Atlas, we can use Google Login at the moment.
    Please add Login with Microsoft Credentials.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  20. Being able to enable / disable Database users

    When managing accounts and permissions, it could be great to "disable" an account before deleting it or reseting its password.

    By example GCP ServiceAccounts have this feature. It helps to restore a service of an account faster if this one is still in use.

    It will also help to set a kind of "policy" where inactive accounts get deactivated for a period of time and then deleted if not reactivated till then.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base