Atlas
- A brief description of what you are looking to do
- How you think this will help
- Why this matters to you
75 results found
-
Improve 2FA and auth management
Right now, there is no way to require Google auth or to require 2FA. The only way to enforce 2FA for a team is to check the team mangagement page. However, since some users may have only used Google auth to login, they will show up in this view as not having 2FA, creating auditing headaches. Please
- indicate if a user does not have 2fa because they do not have a password vs just not having 2fa
- ideally, add the ability to require 2fa and/or Google auth for all team members10 votes -
Ability to enable LDAP and IAM auth at the same time
We would like the ability to have LDAP and IAM auth enabled on the same cluster at the same time. Today, you can only have one enabled, not both. Our goal is to use IAM auth for programatic access and LDAP auth for human access.
Please let us know when this gets prioritized.
8 votes -
More granular user privileges for Database User in same project
When having several clusters in the same project, it would be nice if we could configure different privileges to different clusters for the same user credentials.
Like in the following example
Name | Cluster1 | Cluster2 | Cluster3 | Cluster4
User1 | R/W | R | R | R/W
User2 | R | R/W | R | RCurrently it's not possible to specify different privileges on the cluster level.
8 votes -
Show last activity of user
For managing Database Users, it would be nice to see when that user was last used to authenticate with the cluster - so that we can spot potentially unused accounts and to act as an extra layer of confirmation when deleting accounts that we think are not needed anymore.
8 votes -
Ability to invalidate or revoke a X.509 certificate that was not expired.
Currently, X.509 certificates can be issued for authentication and authorization. However, it is not possible to invalidate an already issued certificate. In a situation where the certificate would be compromised, it is therefore not possible to invalidate it and re-issue a new one. The only way is to delete the user associated with the certificate and create a new user account (New CN).
8 votes -
Allow Atlas User Data Access Permissions to be configured on a per-database/collection basis
Similarly to how database user data access permissions can be configured on a per-database or per-collection basis, it would be ideal if Atlas user data access permissions (as they apply to Data Explorer) could be configured on a more granular basis as well.
7 votes -
Ability to change First and Last Name
It would be good if users are able to modify their First and Last Name after account creation.
7 votes -
remove the captcha from login, especially if 2 factor auth is enabled.
I very much dislike being asking to train ML models by doing picture identification just to login to my account. Please find a less offensive captcha process, or remove it entirely when 2 factor auth is enabled.
7 votes -
Atlas User permissions/role by Cluster
It would be very helpful to restrict/allow access to clusters within an Atlas project, by Atlas user. This can be achieved with database users, but Atlas users have all or nothing access to the clusters within a project.
6 votes -
make empty teams possible
It is currently not possible to create empty teams of remove all users from teams.
We would like to arrange our access management through teams. For our production environment we want a 'read only' and an 'admin' team. The admin team should be empty at all times, except in the case of incidents where we want to add specific users to the admin team to be able to solve the incident.6 votes -
Day granularity for Atlas-managed X.509 certificate
It would be great to add more granularity when creating an Atlas-managed X.509 certificate for a MongoDB user, i mean by day at least.
Thank you6 votes -
A new role for security auditing purposes
Currently MongoDB Atlas provides two read only roles at project level ("Project Read Only", and " Project Data Access Read Only").
"Project Data Access Read Only" seems to allow access to the data also, while "Project Read Only" role does not allow access to the logs. (https://www.mongodb.com/docs/atlas/reference/user-roles/)
For security officers (internal/external), they need to access to the logs (audit, access, etc) and also to review the configuration; but don't need access to the data.
Therefore, I would like to request a new project level role for security officers with following features.
- access to "Download Logs"
- access…5 votes -
Reuse email address for new Atlas account
Please allow email addresses to be reused/reinstated for new Atlas accounts if an Atlas account associated with that email address has been deleted.
5 votes -
My entire team receives the billing info every month.
Billing should be limited to organization owners only and not viewable by the entire organization.
5 votes -
Project Monitoring Admin -- Access
Hi Team,
We need to give access to a particular team so they can create, edit, clone, disable, and delete the alarm for the entire organization in Alert setting only.
We should not give them access other than the Alert setting. Is there any way to give access for Alert setting only, kindly provide your suggestions at the earliest.
Please provide us steps if there's any way to create custom access for alert settings alone.
5 votes -
Change Username
Ability to change your username after registration and be able to re-use it should you need to.
5 votes -
Return a user createdDate for Atlas control plane and database users
Automated user systems such as Hashi-Vault will automatically create users. Typically these users have a 90day expiration. Any team using continuous delivery hits the atlas user limit. There is not a way to know when an atlas user was created from the API data
4 votes -
Support OIDC as Authentication Protocol for access to Mongo Portal
Currently SAML is supported: https://www.mongodb.com/docs/atlas/security/federated-authentication/#configure-federated-authentication
It would be preferable if OIDC was supported.
4 votes -
MongoAtlas Orga - Maximum number API keys exceeded
We have detected in our organisation that the limit of API keys has been reached. This is currently affecting our project teams in terms of resource distribution, so we are asking for an increase in the quoter in the short term.
Problem: We can't create keys and also delete them. The problem is that the key does not have an owner. Only org owner can delete this key. They did but this is only a reference deletion.
Alerting: Condition for alerting is not there
What we want to achieve:
- Transparency for the org owners about what the limit level…3 votes -
Associate domains to an IDP at Organization level rather than for entire mongodb.com
At this time domain to IDP associations apply to entire mongodb.com. This makes it very difficult for large companies that have several independent departments to use mongodb.com. Some departments might want to create separate Atlas organizations and others simply access Support section of mongodb.com web-site. They wouldn't want to share an IDP created within one Atlas organization.
One possible approach to addressing this issue is for an Atlas organization to have a distinct sub-domain on mongodb.com (e.g. bigco-org-a.mongodb.com). Another approach would be to have a field for Atlas Organization name on logon page.
3 votes
- Don't see your idea?