I would like to give colleagues the ability to manage Database Access and Network access for a project without giving the the project owner role.

A way to provide more granular access in Atlas would be nice

When testing out API keys that are normally only run through CI/CD tools, I'd like to be able to add my local IP to the API Access List for a temporary time window.

It would be great to have an opportunity to automatically rotate the idp signature certificate.

I could provide a metadata.xml url. With that metadata.xml in generally it's possible that okta rotate the certificate on it's own. But it's not possible to configure in Mongodb Atlas.

Best regards
Fabian

MongoDB Atlas does not seem to provide a tool or a page that will show the authentication logs for the Atlas console users. Example - a log indicating when a project owner or a cluster manager logged in or out of the Atlas console along with the relevant time stamps.

I have raised a support case with MongoDB and the engineer suggested to raise a feature request as this feature is currently not available. Refer case #00755619.

Thank you.

Currently all IdP federation set up must be done in the Atlas GUI. This prohibits scripting the setup of IdP organization and role mapping for new projects.

Customers can prefer setting this up via a scriptable Rest API interface for a new project. Everything else about the project has an API that is currently used to create projects and deploy clusters. Authentication is important part of the process and currently requires manual set up through the GUI.

It is currently not possible to create empty teams of remove all users from teams.
We would like to arrange our access management through teams. For our production environment we want a 'read only' and an 'admin' team. The admin team should be empty at all times, except in the case of incidents where we want to add specific users to the admin team to be able to solve the incident.

Right now the API to retrieve information of a team ( either by ID or by Name ) only gives the name, the id and a link of the specific team.

I would like to see to what projects a team has access with which permissions ( as you can see via the atlas console ).

This would help a lot with automating access management

When entering the txt value for validation atlas should use its own subdomain for the verification rather than requiring the domain root which is often populated with spf keys.

Other examples of this implementation are

Github: github-challenge-org.domain.com
Mandrill: mandrill.domainkey.domain.com
Google: google._domainkey.domain.com

The Users view in the Access Manager really needs a way to either sort or filter by role, so I can see a single screen with just the users who are Owners, for example.

When inviting new Atlas Users to organizations via the API, the invite email says that the invite was sent by the API public key that performed the API call. This makes the invitation emails read like this:

"You have been invited by tfqzvwrs to join the Example - Atlas organization on MongoDB Atlas."

The ability to customize this (e.g. using an additional field in the request body) would be ideal since the random string being shown as the sender of the invite could make the email look suspect.

Hello,

We absolutely need a more modern authentication method than using LDAPS to authenticate users against the MongoDB databases that we deploy with Atlas. When will we see a modern authentication service at this level? Ideally, we want cloud functionality equivalent to AWS IAM but on Azure.

Currently, X.509 certificates can be issued for authentication and authorization. However, it is not possible to invalidate an already issued certificate. In a situation where the certificate would be compromised, it is therefore not possible to invalidate it and re-issue a new one. The only way is to delete the user associated with the certificate and create a new user account (New CN).

Billing should be limited to organization owners only and not viewable by the entire organization.

Achieve feature parity with AWS IAM cluster authentication support.

Hi Team,

We need to give access to a particular team so they can create, edit, clone, disable, and delete the alarm for the entire organization in Alert setting only.

We should not give them access other than the Alert setting. Is there any way to give access for Alert setting only, kindly provide your suggestions at the earliest.

Please provide us steps if there's any way to create custom access for alert settings alone.