Associate domains to an IDP at Organization level rather than for entire mongodb.com
At this time domain to IDP associations apply to entire mongodb.com. This makes it very difficult for large companies that have several independent departments to use mongodb.com. Some departments might want to create separate Atlas organizations and others simply access Support section of mongodb.com web-site. They wouldn't want to share an IDP created within one Atlas organization.
One possible approach to addressing this issue is for an Atlas organization to have a distinct sub-domain on mongodb.com (e.g. bigco-org-a.mongodb.com). Another approach would be to have a field for Atlas Organization name on logon page.
Iouri Grabovchtchiner
shared this idea
-
AdminIsabelle
(Admin, MongoDB)
commented
Hi Alissa - this pain point is one we are thinking about. I'm going to reach out to you over email to discuss your scenario. Thanks for sharing!
-
Alissa
commented
In addition to the above, it appears allowing one account to set up SSO can lock another account out of MongoDB completely if the SSO is different between internal departments. This makes it very easy for large companies with multiple departments to lock each other out.
-
AdminFuat
(Admin, MongoDB)
commented
Hi Louri, thank you for your feedback to make Atlas better.
We have plans to make changes in our federated authentication model to break the global domain name impact you mentioned. I will keep updating this feedback item, please stay tuned.