Atlas

Share your idea. In order to help prioritize, please include the following information

  1. A brief description of what you are looking to do
  2. How you think this will help
  3. Why this matters to you

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Support GCP IAM for Cluster Authentication

    Achieve feature parity with AWS IAM cluster authentication support.

    43 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  2. Granular Permissions

    Right now Mongo Atlas allows you to assign two types of roles to all the users: Organization and Project, and for each set it gives you some predefined roles.

    The problem with this is you can't have any kind of granular control of what permission is assigned to each user. (e.g. to allow a user to create a trigger through Mongo Stitch it needs the Project Owner role).

    This is a major setback as I'm giving my coworkers more access than needed.

    A good solution would be to have something like the database access control in this part so we…

    167 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  20 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  3. Show last activity of user

    For managing Database Users, it would be nice to see when that user was last used to authenticate with the cluster - so that we can spot potentially unused accounts and to act as an extra layer of confirmation when deleting accounts that we think are not needed anymore.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  4. Project teams

    Hello,

    I think it would be a good idea to have team management at project level.
    We have many projects and members in our Atlas account.
    I'm a organization owner. The people in my organization use the Altas service. I create
    a project for them and give my colleagues the project owner authorizations.

    Project owners can invite other members. This is good. But it's a little inconsistent that
    they are not able to create groups or teams within their projects They have to manage the permissions for each member separately.

    We can't use organization teams, because they are located at…

    29 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  5. make empty teams possible

    It is currently not possible to create empty teams of remove all users from teams.
    We would like to arrange our access management through teams. For our production environment we want a 'read only' and an 'admin' team. The admin team should be empty at all times, except in the case of incidents where we want to add specific users to the admin team to be able to solve the incident.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow an "Any Database" option for actions in custom roles

    Much like built-in roles have the ability to target all databases/any database, it would be ideal if collection actions could also target any database. Similarly to how, when adding collection actions to a custom role, if you leave the "collection" field blank, it applies to all collections in the specified DB, it would be great if you could leave the "database" field blank too (or add an "any database" option) and have the actions associated with the role be allowed on any database.

    This feature gap creates unnecessary maintenance overhead for clusters with large numbers of databases. This is particularly…

    11 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  7. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  8. More Fine-Grained Custom Roles

    Our developers need to access databases from home or an office location from time to time.
    They are not Project Owners and should not have broad sweeping administrative privileges over the databases.
    In some cases they may be outsource workers who would only have read-only views on the data.
    However, they do need to be able to connect to the databases.
    Currently, you need a Project Owner role to be able to add an IP address to the whitelist and allow remote access.
    Please add the ability to create custom roles for Atlas users, which would enable us to create…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  9. Projects Organization

    It would be great if we could organize the projects and not have them all at the same level of organization.
    We could use this hierarchy to put rights, consult costs ...
    A bit like the idea of Azure's management group or GCP's "Folder".

    21 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  10. Expose the killOp() action when creating custom roles in Atlas UI

    It would be nice to have the killOp() action exposed when creating a custom role in Atlas.

    I also think it would make sense to grant this action to the atlasAdmin role, but at a minimum I feel that Project Owners should be able to create a custom role that is allowed to kill ops that were initiated by other database users.

    13 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  11. Manage Database Access and Network access

    I would like to give colleagues the ability to manage Database Access and Network access for a project without giving the the project owner role.

    A way to provide more granular access in Atlas would be nice

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  12. more information in AWS IAM audit logs

    We are using MongoDB-AWS for authentication, and have set up the audit log to log events taken by AWS roles. However, there is insufficient information in the logs to identify who is doing those actions, as roles can be assumed by multiple people.

    An example log line in the current audit log:
    { "atype" : "authenticate", "ts" : { "$date" : "2021-01-05T00:21:52.628+00:00" }, "local" : { "ip" : "192.168.248.203", "port" : 27017 }, "remote" : { "ip" : "172.31.0.5", "port" : 54195 }, "users" : [ { "user" : "arn:aws:sts::555555555555:assumed-role/developer-role/", "db" : "$external" } ], "roles" : [ {

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  13. Improve password manager support on login screen

    Currently on the Atlas login screen it presents a button to authenticate using Google and a text field to enter an email address. Upon entering an email address there's a brief pause - presumably to check if the email address is bound to a configured SAML provider - and if not then the password field appears.

    Since the password field doesn't exist in the DOM until it's needed it means password managers have to autofill the email and password fields as two separate steps. I propose to have the password field present and hidden from the start so that password…

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow setting temporary IPs to API Access List

    When testing out API keys that are normally only run through CI/CD tools, I'd like to be able to add my local IP to the API Access List for a temporary time window.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  15. Federation metadata.xml for automatic idp certificate rotation

    It would be great to have an opportunity to automatically rotate the idp signature certificate.

    I could provide a metadata.xml url. With that metadata.xml in generally it's possible that okta rotate the certificate on it's own. But it's not possible to configure in Mongodb Atlas.

    Best regards
    Fabian

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  16. Teams API should show the projects the team is a member of

    Right now the API to retrieve information of a team ( either by ID or by Name ) only gives the name, the id and a link of the specific team.

    I would like to see to what projects a team has access with which permissions ( as you can see via the atlas console ).

    This would help a lot with automating access management

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow modifying federation role mappings via API

    We would like to use the new role mapping feature for federated authentication to assign Atlas roles based on LDAP groups assigned to our users.

    However, we frequently create new projects programmatically and would need to manage the permissions to these new projects using role mapping. However, there is no public API available to manage role mappings programmatically. In addition, enabling role mapping disables the ability to manage roles for federated users with the API. So, at present, role mappings and permissions can only be managed manually through the UI.

    We would like to request the ability to modify role…

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  18. Authentification on Azure (IAM)

    Hello,

    We absolutely need a more modern authentication method than using LDAPS to authenticate users against the MongoDB databases that we deploy with Atlas. When will we see a modern authentication service at this level? Ideally, we want cloud functionality equivalent to AWS IAM but on Azure.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  19. Atlas console authentication logs

    MongoDB Atlas does not seem to provide a tool or a page that will show the authentication logs for the Atlas console users. Example - a log indicating when a project owner or a cluster manager logged in or out of the Atlas console along with the relevant time stamps.

    I have raised a support case with MongoDB and the engineer suggested to raise a feature request as this feature is currently not available. Refer case #00755619.

    Thank you.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  20. Need access to the REST API for IdP Federation

    Currently all IdP federation set up must be done in the Atlas GUI. This prohibits scripting the setup of IdP organization and role mapping for new projects.

    Customers can prefer setting this up via a scriptable Rest API interface for a new project. Everything else about the project has an API that is currently used to create projects and deploy clusters. Authentication is important part of the process and currently requires manual set up through the GUI.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3
  • Don't see your idea?

Feedback and Knowledge Base