Atlas
- A brief description of what you are looking to do
- How you think this will help
- Why this matters to you
74 results found
-
More granular user privileges for Database User in same project
When having several clusters in the same project, it would be nice if we could configure different privileges to different clusters for the same user credentials.
Like in the following example
Name | Cluster1 | Cluster2 | Cluster3 | Cluster4
User1 | R/W | R | R | R/W
User2 | R | R/W | R | RCurrently it's not possible to specify different privileges on the cluster level.
6 votes -
Support Login with Microsoft Credentials
When login to Atlas, we can use Google Login at the moment.
Please add Login with Microsoft Credentials.1 vote -
Reuse email address for new Atlas account
Please allow email addresses to be reused/reinstated for new Atlas accounts if an Atlas account associated with that email address has been deleted.
5 votes -
Being able to enable / disable Database users
When managing accounts and permissions, it could be great to "disable" an account before deleting it or reseting its password.
By example GCP ServiceAccounts have this feature. It helps to restore a service of an account faster if this one is still in use.
It will also help to set a kind of "policy" where inactive accounts get deactivated for a period of time and then deleted if not reactivated till then.
1 vote -
Allow custom duration for Temporary Users
In our software development lifecycle, we have sprints that are 2 weeks long.
We create temporary users for Software Engineers that are "onCall" during a sprint. The role is moving to a different engineer each new sprint.
It would be great to be able to specify an explicit
deleteAfterDatevalue or a custom duration greater than the current 6 days.3 votes -
need api endpoint to see current db user limit. also see this number in UI
if this limit is reached, mongodb throws error
1 vote -
Show last activity of user
For managing Database Users, it would be nice to see when that user was last used to authenticate with the cluster - so that we can spot potentially unused accounts and to act as an extra layer of confirmation when deleting accounts that we think are not needed anymore.
8 votes -
API Key Expiration date
We have a security reqirement that secrets must expire after 2 years.
Therefore it would be awesome if MongoDB Atlas API Keys would support an expiration date.
Somethig similar exists for the IP Whitelisting. Here we have the option to remove IP Whitelist entries after er certain time period. But for API Keys it would be better to have an expiration date and keep the API Key in the list even if its expired.
In addition it would be good to have a daily notification once the expiration date is ahead less than 30 day.
11 votes -
Manage Database Access and Network access
I would like to give colleagues the ability to manage Database Access and Network access for a project without giving the the project owner role.
A way to provide more granular access in Atlas would be nice
9 votes -
create API keys that support linked orgs
It is possible to link multiple orgs to each other. It should therefore be possible to use a single API key to access all linked orgs.
10 votes -
Allow setting temporary IPs to API Access List
When testing out API keys that are normally only run through CI/CD tools, I'd like to be able to add my local IP to the API Access List for a temporary time window.
3 votes -
1 vote
-
Federation metadata.xml for automatic idp certificate rotation
It would be great to have an opportunity to automatically rotate the idp signature certificate.
I could provide a metadata.xml url. With that metadata.xml in generally it's possible that okta rotate the certificate on it's own. But it's not possible to configure in Mongodb Atlas.
Best regards
Fabian1 vote -
Atlas console authentication logs
MongoDB Atlas does not seem to provide a tool or a page that will show the authentication logs for the Atlas console users. Example - a log indicating when a project owner or a cluster manager logged in or out of the Atlas console along with the relevant time stamps.
I have raised a support case with MongoDB and the engineer suggested to raise a feature request as this feature is currently not available. Refer case #00755619.
Thank you.
1 vote -
Improve password manager support on login screen
Currently on the Atlas login screen it presents a button to authenticate using Google and a text field to enter an email address. Upon entering an email address there's a brief pause - presumably to check if the email address is bound to a configured SAML provider - and if not then the password field appears.
Since the password field doesn't exist in the DOM until it's needed it means password managers have to autofill the email and password fields as two separate steps. I propose to have the password field present and hidden from the start so that password…
3 votes -
make empty teams possible
It is currently not possible to create empty teams of remove all users from teams.
We would like to arrange our access management through teams. For our production environment we want a 'read only' and an 'admin' team. The admin team should be empty at all times, except in the case of incidents where we want to add specific users to the admin team to be able to solve the incident.5 votes -
Teams API should show the projects the team is a member of
Right now the API to retrieve information of a team ( either by ID or by Name ) only gives the name, the id and a link of the specific team.
I would like to see to what projects a team has access with which permissions ( as you can see via the atlas console ).
This would help a lot with automating access management
2 votes -
Domain Validation should use subdomain rather than domain root
When entering the txt value for validation atlas should use its own subdomain for the verification rather than requiring the domain root which is often populated with spf keys.
Other examples of this implementation are
Github: github-challenge-org.domain.com
Mandrill: mandrill.domainkey.domain.com
Google: google._domainkey.domain.com1 vote -
more information in AWS IAM audit logs
We are using MongoDB-AWS for authentication, and have set up the audit log to log events taken by AWS roles. However, there is insufficient information in the logs to identify who is doing those actions, as roles can be assumed by multiple people.
An example log line in the current audit log:
{ "atype" : "authenticate", "ts" : { "$date" : "2021-01-05T00:21:52.628+00:00" }, "local" : { "ip" : "192.168.248.203", "port" : 27017 }, "remote" : { "ip" : "172.31.0.5", "port" : 54195 }, "users" : [ { "user" : "arn:aws:sts::555555555555:assumed-role/developer-role/", "db" : "$external" } ], "roles" : [ {…3 votes -
Filter users list by organization role
The Users view in the Access Manager really needs a way to either sort or filter by role, so I can see a single screen with just the users who are Owners, for example.
1 vote
- Don't see your idea?