Skip to content

Atlas

Share your idea. In order to help prioritize, please include the following information

  1. A brief description of what you are looking to do
  2. How you think this will help
  3. Why this matters to you

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

16 results found

  1. Support GCP IAM for Cluster Authentication

    Achieve feature parity with AWS IAM cluster authentication support.

    85 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  IAM  ·  Admin →

    Your applications can now access Atlas Clusters with Google Service Accounts using MongoDB Workload Identity Federation (https://www.mongodb.com/docs/atlas/workload-oidc/). The feature is supported by MongoDB 7.0.11 dedicated clusters (M10 and above).


    For your workforce access, we recommend to use Workforce Identity Federation (https://www.mongodb.com/docs/atlas/workforce-oidc/) with your corporate identity provider.


    Thank you for your feedback.

  2. Allow modifying federation role mappings via API

    We would like to use the new role mapping feature for federated authentication to assign Atlas roles based on LDAP groups assigned to our users.

    However, we frequently create new projects programmatically and would need to manage the permissions to these new projects using role mapping. However, there is no public API available to manage role mappings programmatically. In addition, enabling role mapping disables the ability to manage roles for federated users with the API. So, at present, role mappings and permissions can only be managed manually through the UI.

    We would like to request the ability to modify role…

    26 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Admin →
  3. Authentification on Azure (IAM)

    Hello,

    We absolutely need a more modern authentication method than using LDAPS to authenticate users against the MongoDB databases that we deploy with Atlas. When will we see a modern authentication service at this level? Ideally, we want cloud functionality equivalent to AWS IAM but on Azure.

    15 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  IAM  ·  Admin →

    You can now access Atlas Clusters through Microsoft Entra ID using MongoDB Workforce Identity Federation (https://www.mongodb.com/docs/atlas/workforce-oidc/). The feature is supported by MongoDB 7.0.11 dedicated clusters (M10 and above).


    Thank you for your feedback.

  4. Atlas API Enhancements

    Since we want to automate the user (de)provisioning for organizations and projects, we would like to see the following API enhancements:

    Please enhance the Mongo Atlas API for the following functionalities:
    - invite (existing mongo) user to organization (currently not possible)
    - remove user from organization
    - get invitation status from user
    - cancel invitation for user

    Thank you

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Admin →
  5. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  IAM  ·  Admin →

    For Atlas UI authentication via SAML SSO please use Federated Authentication https://docs.atlas.mongodb.com/security/federated-authentication/


    For Database authentication you can use Workforce Identity Federation with OIDC: https://www.mongodb.com/docs/atlas/workforce-oidc/


    For your application access with GCP service accounts or Oauth2, you can use Workload Identity Federation: https://www.mongodb.com/docs/atlas/workload-oidc/

  6. Support native Azure authentication for the DB, e.g. service principal

    Customers often want centralized permissioning for the database and LDAP is not generally supported well in the cloud. If a customer is using Azure, they want us to support Azure AD for database authentication. I believe that means using service principals

    32 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  IAM  ·  Admin →

    Your applications can now access Atlas Clusters with Azure Service Principals including Azure Managed Identities using MongoDB Workload Identity Federation (https://www.mongodb.com/docs/atlas/workload-oidc/). The feature is supported by MongoDB 7.0.11 dedicated clusters (M10 and above).


    For your workforce access, we recommend to use Workforce Identity Federation (https://www.mongodb.com/docs/atlas/workforce-oidc/) with your corporate identity provider such as Azure Entra ID.


    Thank you for your feedback.

  7. more information in AWS IAM audit logs

    We are using MongoDB-AWS for authentication, and have set up the audit log to log events taken by AWS roles. However, there is insufficient information in the logs to identify who is doing those actions, as roles can be assumed by multiple people.

    An example log line in the current audit log:
    { "atype" : "authenticate", "ts" : { "$date" : "2021-01-05T00:21:52.628+00:00" }, "local" : { "ip" : "192.168.248.203", "port" : 27017 }, "remote" : { "ip" : "172.31.0.5", "port" : 54195 }, "users" : [ { "user" : "arn:aws:sts::555555555555:assumed-role/developer-role/", "db" : "$external" } ], "roles" : [ {

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  IAM  ·  Admin →

    The full ARN including the user information is now captured in audit logs when AWS IAM authentication is used with assumed roles.  This is a delayed update; the change was made in 2021. Thank you for your feedback to make MongoDB better.

  8. Need access to the REST API for IdP Federation

    Currently all IdP federation set up must be done in the Atlas GUI. This prohibits scripting the setup of IdP organization and role mapping for new projects.

    Customers can prefer setting this up via a scriptable Rest API interface for a new project. Everything else about the project has an API that is currently used to create projects and deploy clusters. Authentication is important part of the process and currently requires manual set up through the GUI.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    completed  ·  1 comment  ·  IAM  ·  Admin →
  9. Allow to set teams to users by Federated Authentication

    When an Atlas User logs in by a Federated Authentication (like Okta) there is only a "Default User Role" to control its permission, so all users get the same role. And after that, we must manually add to teams, or change their roles. It would be better to allow the IdP to set (and update) the groups/teams for each user automatically.

    32 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    9 comments  ·  IAM  ·  Admin →
  10. Allow Pending Users to be Added to a Team

    When trying to implement Atlas infrastructure for Organization/Project users, the Teams functionality is useless unless we can add pending users to a Team. Right now, if a new user doesn't login for two weeks, we can't assign them to a Team until two weeks after the implementation was supposed to be configured.

    18 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    completed  ·  2 comments  ·  IAM  ·  Admin →
  11. atlas portal ip whitelist

    We were given this idea from a security audit.

    From a security-in-depth perspective we would like to be able to restrict logins on the atlas portal to only whitelisted IP's, this would be analog as to how API whitelisting works at the organization level.
    This is to prevent login's other than from our permitted sites.

    8 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    completed  ·  6 comments  ·  IAM  ·  Admin →
  12. YubiKey

    Please consider adding 2FA support for hardware keys (Yubikey). Our company started enforcing this in our compliance policy for accessing production environments.

    12 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  IAM  ·  Admin →
  13. Show all team users on one page

    When we do SOC2 reviews, we have to take screenshots of the permissions various users have. Currently, a specific "team" in Atlas only shows 5 users at a time and is paginated. Taking screenshots of 5 users at a time is pretty tedious, so it would be amazing to have a page with the full list.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    completed  ·  0 comments  ·  IAM  ·  Admin →
  14. gsuite access

    I'd love to see better integration with google services as authentication provider. The current workflow of manually setting up the identity providers/domains in atlas & custom saml endpoints(even without a preset) is pretty complicated imo.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Admin →
  15. OKTA integration logo is not provided with documentation resources

    OKTA integration logo is not provided with documentation resources
    https://docs.atlas.mongodb.com/security-ldaps-okta/

    Please, make sure engineers/integration admins do not deal with copyrighted content and spend time in graphical arts

    Please, add necessary resources following best presentation options and recommendations from OKTA for the button logo (or refer to me if you like my sample)

    Attached example we created from some picture over "the internets" ?

    Thanks!

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Admin →
  16. Don't show prompt to enable 2FA when Google login is used

    Since you can't do it, it's a bit annoying to have the yellow banner across the screen.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    completed  ·  0 comments  ·  IAM  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base