Support native Azure authentication for the DB, e.g. service principal
Customers often want centralized permissioning for the database, and LDAP is not generally supported well in the cloud. If a customer is using Azure, they want us to support Azure AD for database authentication. I believe that means using service principals.
Your applications can now access Atlas Clusters with Azure Service Principals, including Azure Managed Identities, using MongoDB Workload Identity Federation (https://www.mongodb.com/docs/atlas/workload-oidc/). The feature is supported by MongoDB 7.0.11 dedicated clusters (M10 and above).
For your workforce access, we recommend using Workforce Identity Federation (https://www.mongodb.com/docs/atlas/workforce-oidc/) with your corporate identity provider, such as Azure Entra ID.
Thank you for your feedback.
-
Michael Gerlach commented
With MongoDB 7.0, this is done in Atlas through OIDC authentication and Identity Federation.
-
Steffen Guertler commented
We (https://bosch-iot-insights.com) are migrating from an on-prem MongoDB to Atlas and also miss this feature heavily.
As the original poster, Matt, says, in Azure all the microservices already have their own AD representation, called "(managed) service principals".
Being able to use those also for MongoDB access avoids having to manage another representation of those services (currently, technical database users in Atlas): effectively, no automation code would be needed to reflect the dynamic coming and going of new microservices.
Like with the LDAP adapter, just having an "AD group" to db-permission mapping would be enough to allow microservices access to a database.
In our particular case, we're representing all our customers as a bunch of agents, each its own microservice in Azure, i.e. we've hit the "no-more-than-100" database users already and would even need more than the hard limit of 1000 users.
-
Nicolai commented
Hi MongoDB team,
Is there any update on this?
-
Nicolai commented
This is really a needed feature. Authentication via identities in Azure would be a godsend.
We are using managed identity for inter-service auth in our Azure infrastructure and would love to extend that to DB access.
-
BJS commented
This will be a great feature to have. The feature should allow IAM permissions to be assigned for any identity in Azure AD: user, managed identity, service principal, etc. Access to the Atlas portal would be nice, but the real need is for DB access. For example, with a pod running in AKS we can assign that pod a managed identity, and then that pod could authenticate to a DB in Atlas using the managed identity defined in Azure AD.
-
AdminSalman (Admin, MongoDB) commented
Similar request here:
https://feedback.mongodb.com/forums/924145/suggestions/42163234