Support native Azure authentication for the DB, e.g. service principal
Customers often want centralized permissioning for the database and LDAP is not generally supported well in the cloud. If a customer is using Azure, they want us to support Azure AD for database authentication. I believe that means using service principals.
This is currently a roadmap item which will be addressed in 2023.
We (https://bosch-iot-insights.com) are migrating from an on-prem MongoDB to Atlas and also miss this feature heavily.
As the original poster, Matt, says, in Azure, all the micro services already have their own AD representation, called "(managed) service principals".
Being able to use those for MongoDB access as well avoids having to manage another representation of those services through the current technical database users in Atlas: effectively, no automation code would be needed to reflect the dynamic coming and going of new micro services.
Like with the LDAP adapter, just having an "AD group" to db-permission mapping would be enough to allow micro services access to a database.
In our particular case, we're representing all our customers as a bunch of agents, each its own micro service in Azure, i.e. we've hit the "no-more-than-100" database users already and would even need more than the hard limit of 1000 users.
Hi MongoDB team,
Is there any update on this?
This is really a needed feature. Authentication via identities in Azure would be a godsend.
We are using managed identity for inter-service auth in our Azure infrastructure and would love to extend that to DB access.
This will be a great feature to have. The feature should allow IAM permissions to be assigned for any identity in Azure AD: user, managed identity, service principal, etc. Access to the Atlas portal would be nice, but the real need is for DB access. For example, with a pod running in AKS we can assign that pod a managed identity, and then that pod could authenticate to a DB in Atlas using the managed identity defined in Azure AD.
AdminSalman (Admin, MongoDB) commented
similar request here