Atlas portal IP whitelist
We were given this idea from a security audit.
From a security-in-depth perspective, we would like to be able to restrict logins on the Atlas portal to only whitelisted IPs; this would be analogous to how API whitelisting works at the organization level.
This is to prevent logins other than from our permitted sites.
-
AdminFuat (Admin, MongoDB) commented
You can contact MongoDB support to enable the UI IP Access List feature for your organization. Please find more details here: https://www.mongodb.com/docs/atlas/tutorial/manage-organizations/#std-label-atlas-ui-ip-access-list
Merging this ticket with the duplicate.
-
AdminFuat (Admin, MongoDB) commented
The feature is available and can be enabled by the MongoDB support team. Once it is enabled, customers can configure an IP access list to block access to their organizations through the UI: https://www.mongodb.com/docs/atlas/tutorial/manage-organizations/#std-label-atlas-ui-ip-access-list
We'll be considering enabling it by default and controlling it via API.
-
Marco commented
We want to have the ability to apply IP restriction to Atlas UI access as well.
Currently the IP Access List in MongoDB Atlas is designed to control access ONLY to database deployments at the network level; however, users can still access everything from the Atlas UI.
This inconsistency brings security concerns, and also makes public charts/dashboards unusable -- as it makes charts public to the whole world instead of organization-wise "public".
-
M commented
This seems to be available currently if you submit a support ticket to have it enabled for your organization:
https://www.mongodb.com/docs/atlas/tutorial/manage-organizations/#std-label-atlas-ui-ip-access-list
It would be great to have this available by default though, without having to work through Mongo support, which I assume is what this request is about.
Since this request is listed as started and not completed, can someone from Mongo confirm that this will enable the whitelist for users to enable and configure on their own (and hopefully control via API and the Terraform provider)?
-
Brian Hawkins commented
This is important from a compliance perspective as well, preventing users from accessing production data not over a VPN or On Site can cause issues. We do currently have SSO implemented, but it's just another check box we come across from time to time with our clients.
-
Hi Robbie,
Typically the way you can address this use case is to federate your identity to your internal identity provider via SAML for SSO: This allows you to offload the authentication requirements (whether MFA or other rules) to your own identity system (like Okta, OneLogin, Ping, or AzureAD). Please see https://docs.atlas.mongodb.com/security/federated-authentication/
Cheers
-Andrew