Atlas portal IP whitelist
We were given this idea from a security audit.
From a security-in-depth perspective, we would like to be able to restrict logins on the Atlas portal to only whitelisted IPs. This would be analogous to how API whitelisting works at the organization level.
This is to prevent logins other than from our permitted sites.
This seems to be available currently if you submit a support ticket to have it enabled for your organization:
It would be great to have this available by default though, without having to work through Mongo support, which I assume is what this request is about.
Since this request is listed as started and not completed, can someone from Mongo confirm that this will enable the whitelist for users to enable and configure on their own (and hopefully control via API and the Terraform provider)?
This is important from a compliance perspective as well, preventing users from accessing production data not over a VPN or on site can cause issues. We do currently have SSO implemented, but it's just another check box we come across from time to time with our clients.
Typically the way you can address this use case is to federate your identity to your internal identity provider via SAML for SSO: This allows you to offload the authentication requirements (whether MFA or other rules) to your own identity system (like Okta, OneLogin, Ping, or AzureAD). Please see https://docs.atlas.mongodb.com/security/federated-authentication/