Achieve feature parity with AWS IAM cluster authentication support.

It would be great if we could organize the projects and not have them all at the same level of organization.
We could use this hierarchy to put rights, consult costs ...
A bit like the idea of Azure's management group or GCP's "Folder".

It would be nice to have the killOp() action exposed when creating a custom role in Atlas.

I also think it would make sense to grant this action to the atlasAdmin role, but at a minimum I feel that Project Owners should be able to create a custom role that is allowed to kill ops that were initiated by other database users.

When trying to implement Atlas infrastructure for Organization/Project users, the Teams functionality is useless unless we can add pending users to a Team. Right now, if a new user doesn't login for two weeks, we can't assign them to a Team until two weeks after the implementation was supposed to be configured.

Session timeout value in Atlas UI defaults at 12h. Allow it to be configurable per Project or Organization, with the minimum value being 15 minutes. All Atlas users within an organization that have been idle for the duration of the configured session timeout should be automatically logged out.

Please consider adding 2FA support for hardware keys (Yubikey). Our company started enforcing this in our compliance policy for accessing production environments.

I access Mongo Cloud / Atlas very frequently. However, almost every day I need to re-login using my Google account. It doesn't seem to "remember" my session.
I would love if I can extend the default, and let me (and other members) stay logged in for a longer period of time.

in are organization we want user to have a self serve service that allow them to create project, cluster ,etc ...

for now we can only automate half of the process, because we need the web UI to invite user & wait that they approve the invitation before assigning them to project.

It would be great than we could, via API call, invite user & assign them to project or team without having to use manual process & wait for user to acknowledge the invitation

thanks

Right now, there is no way to require Google auth or to require 2FA. The only way to enforce 2FA for a team is to check the team mangagement page. However, since some users may have only used Google auth to login, they will show up in this view as not having 2FA, creating auditing headaches. Please
- indicate if a user does not have 2fa because they do not have a password vs just not having 2fa
- ideally, add the ability to require 2fa and/or Google auth for all team members

It would be good if users are able to modify their First and Last Name after account creation.

It would be great to be able to transfer users with their credentials and permissions from our on-premises deployment to Atlas during migration to avoid having to recreate those users using the Atlas interface or API.

Ability to change your username after registration and be able to re-use it should you need to.

It is currently not possible to create empty teams of remove all users from teams.
We would like to arrange our access management through teams. For our production environment we want a 'read only' and an 'admin' team. The admin team should be empty at all times, except in the case of incidents where we want to add specific users to the admin team to be able to solve the incident.

Similarly to how database user data access permissions can be configured on a per-database or per-collection basis, it would be ideal if Atlas user data access permissions (as they apply to Data Explorer) could be configured on a more granular basis as well.

We were given this idea from a security audit.

From a security-in-depth perspective we would like to be able to restrict logins on the atlas portal to only whitelisted IP's, this would be analog as to how API whitelisting works at the organization level.
This is to prevent login's other than from our permitted sites.

It would be great to add more granularity when creating an Atlas-managed X.509 certificate for a MongoDB user, i mean by day at least.
Thank you