How can we improve the platform?

← Atlas

Support native Azure authentication for the DB, e.g. service principal

Customers often want centralized permissioning for the database and LDAP is not generally supported well in the cloud. If a customer is using Azure, they want us to support Azure AD for database authentication. I believe that means using service principals

27 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Matt shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Steffen commented  ·   ·  Flag as inappropriate

    We https://bosch-iot-insights.com are migrating from an on-prem MongoDB to Atlas and also miss this feature heavy.
    As the original poster, Matt, says, in Azure, all the micro services already got their own AD representation, called "(managed) service principals".
    Being able to use those also for MongoDB access avoids to manage another representation of those services, through current technical database users in Atlas: Effectively, no automation code would be needed to reflect the dynamic come and go of new micro services.
    Like with the LDAP adapter, just having a "AD group" to db-permission mapping would be enough to allow micro services access to a database.
    In our particular case, we're representing all our customers as a bunch of agents, each an own micro service in Azure, i.e. we've hit the "no-more-than-100" database users already and would even need more than the hard limit of 1000 users.

  • Nicolai commented  ·   ·  Flag as inappropriate

    This is really a needed feature. Authentication via identities in Azure would be a godsend.
    We are using managed identity for inter-service auth in our Azure infrastructure and would love to extend that to DB access.

  • BJS commented  ·   ·  Flag as inappropriate

    This will be a great feature to have. The feature should allow IAM permissions to be assigned for any identify in Azure AD: user, managed identity, service principal, etc. Access to the Atlas portal would be nice, but the real need is for DB access. For example, with a pod running in AKS we can assign that pod a managed identity, and then that pod could authenticate to a DB in Atlas using the managed identity defined in Azure AD.

Atlas: Other

Categories

Feedback and Knowledge Base

(thinking…)