Atlas
- A brief description of what you are looking to do
- How you think this will help
- Why this matters to you
74 results found
-
Allow setting temporary IPs to API Access List
When testing out API keys that are normally only run through CI/CD tools, I'd like to be able to add my local IP to the API Access List for a temporary time window.
3 votes -
Improve password manager support on login screen
Currently on the Atlas login screen it presents a button to authenticate using Google and a text field to enter an email address. Upon entering an email address there's a brief pause - presumably to check if the email address is bound to a configured SAML provider - and if not then the password field appears.
Since the password field doesn't exist in the DOM until it's needed it means password managers have to autofill the email and password fields as two separate steps. I propose to have the password field present and hidden from the start so that password…
3 votes -
more information in AWS IAM audit logs
We are using MongoDB-AWS for authentication, and have set up the audit log to log events taken by AWS roles. However, there is insufficient information in the logs to identify who is doing those actions, as roles can be assumed by multiple people.
An example log line in the current audit log:
{ "atype" : "authenticate", "ts" : { "$date" : "2021-01-05T00:21:52.628+00:00" }, "local" : { "ip" : "192.168.248.203", "port" : 27017 }, "remote" : { "ip" : "172.31.0.5", "port" : 54195 }, "users" : [ { "user" : "arn:aws:sts::555555555555:assumed-role/developer-role/", "db" : "$external" } ], "roles" : [ {…3 votes -
Add privileges for Custom Roles which are currently only available in Built-in Roles
Currently the list of privileges assignable for Custom Roles is only a subset of privileges available to Built-in Roles This request is to add the missing privileges to both the REST API and Atlas UI which are available to Built-in Roles
The first set of privileges requested by a customer is from the Cluster Monitor role
Expanded prioritized privileges requested:
checkFreeMonitoringStatus
getCmdLineOpts
getLog
getParameter
getShardMap
hostInfo
inprog
listShards
netstat
replSetGetConfig
replSetGetStatus
setFreeMonitoring
shardingState3 votes -
Stitch - use the same function to resend confirmation as when initially signing up
When signing up with Email/Pwd, one of the options is to have the confirmation run through a function.
In that function, a call to an external email provider has been set up to use a template with a logo.However, the "token" & "tokenId" parameters provided in the link are only valid for 30'.
This makes it likely for people to be too late to confirm their email address.
When calling "resendConfirmationLink", an email with a new link will indeed be sent out, but this is the standard MongoDB email. This request is to have this "resend" use the same…
3 votes -
Include IdP Group and Atlas Role mapped in the ROLE_MAPPING_CREATED event
When an Atlas Role is mapped to an IdP group in the Federation Management Console, an event is created with the eventTypeName "ROLEMAPPINGCREATED" and the description "A Role Mapping was Created". The event returns in both the Atlas Admin API events endpoint and the Organization Alerts. It would be beneficial for auditing to include the IdP group and Atlas Role in the event.
2 votes -
Associate domains to an IDP at Organization level rather than for entire mongodb.com
At this time domain to IDP associations apply to entire mongodb.com. This makes it very difficult for large companies that have several independent departments to use mongodb.com. Some departments might want to create separate Atlas organizations and others simply access Support section of mongodb.com web-site. They wouldn't want to share an IDP created within one Atlas organization.
One possible approach to addressing this issue is for an Atlas organization to have a distinct sub-domain on mongodb.com (e.g. bigco-org-a.mongodb.com). Another approach would be to have a field for Atlas Organization name on logon page.
2 votes -
U domain Verification
If you are able to verify the parent domain for your company, then you shouldn't need to have to verify the sub-domains associated with that domain. Company's do not generally advertise their internal u-domains on the internet therefore any verification on that sub-domain will naturally fail. This is hindering us from integrating our Okta credentials with our login information.
2 votes -
trigger manage role
expanding Trigger management role beyond the Project Owner role
2 votes -
Teams API should show the projects the team is a member of
Right now the API to retrieve information of a team ( either by ID or by Name ) only gives the name, the id and a link of the specific team.
I would like to see to what projects a team has access with which permissions ( as you can see via the atlas console ).
This would help a lot with automating access management
2 votes -
Allow direct access to support portal when using custom federation URL
When logging into the support portal using support.mongodb.com, if federation is enabled, the user is redirected to their identity provider based on their domain, authenticated, and then redirected to the support portal.
However, if the custom URL for the identity provider is used, the user is always redirected to the Atlas interface. We would like to request that this custom URL be able to target an endpoint other than Atlas, such as the Support Portal.
2 votes -
Add Option to Disable Federated Authentication Automatic Account Creation
Based on the documentation it appears there is no option available to disable automatic account creation when Federated Authentication is used.
The business case for disabling automatic account creation is to allow a limited set of users from the Identity Provider to have access to Atlas and the databases, while not allowing anyone with an account in the same domain to create an Atlas/Database account.
2 votes -
Allow setting up 2FA when loggin in...
Hello would you guys implement 2FA when logging in on feedback website(here) without being logged in anywhere else with the password, i really need it for security reasons...thanks
2 votes -
Support OIDC as Authentication Protocol for access to Mongo Portal
Currently SAML is supported: https://www.mongodb.com/docs/atlas/security/federated-authentication/#configure-federated-authentication
It would be preferable if OIDC was supported.
1 vote -
Atlas access management similar to Azure AD Privileged Identity Management (PMI)
Hello, we are looking for functionality that allows users to auto-promote or adjust their privileges based on the access needed.
For example: if user XYZ needs access to DB:123 he can elevate access himself to this db.
This would be similar to Azure Active Directory (Azure AD) Privileged Identity Management (PIM). A service offered by Microsoft as part of its Azure cloud platform. It helps organizations manage, control, and monitor access within their Azure AD environment, particularly for privileged accounts. These accounts have elevated permissions that can perform critical tasks, such as managing resources, configuring settings, or accessing sensitive data.
…
1 vote -
Hello, your login captcha is a real pain ********** !!!!!
Hello, your login captcha is a real pain ********** !!!!!
1 vote -
Atlas Role
The idea would be to have more advanced options when configuring access management to different projects/clusters.
A lot of companies would benefit greatly from seeing a segregation of roles and access to different features on a project.
It would be beneficial to have more read roles - focus on the metadata layer, but it would be also nice to have it on the DB level e;g. Onboarding a local entity - DBAs want to see only dedicated DB information - should be then between their responsibility.
The idea is to have differentiation between metadata and data, It can be particularly…
1 vote -
Parent - Child account set up
I have a client that has multiple BUs and would like to organize them under a Parent account. From my understanding, Atlas does not currently support a Parent-child account set up. This would be beneficial to have as we continue to onboard our enterprise clients and we get more use cases.
1 vote -
org owner permissions won't revoke due to role mapping
When choosing to use idp role mapping, if a user is not part of a group, his permissions are revoked, including locking him out of crucial administration options.
Users with the org owner permissions should be handled as super users and be excluded from any role mapping in order to refrain from having their permissions change
1 vote -
Atlas feature request
While adding access for teams to a project in Mongo UI, there should be an option to limit access to a particular cluster.
For example: If there are 3 clusters in a project, then team 1 should have access only to cluster1 and team2 to cluster 2 and so on.1 vote
- Don't see your idea?