Atlas
-
Support GCP IAM for Cluster Authentication
Achieve feature parity with AWS IAM cluster authentication support.
85 votes
Your applications can now access Atlas Clusters with Google Service Accounts using MongoDB Workload Identity Federation (https://www.mongodb.com/docs/atlas/workload-oidc/). The feature is supported by MongoDB 7.0.11 dedicated clusters (M10 and above).
For your workforce access, we recommend using Workforce Identity Federation (https://www.mongodb.com/docs/atlas/workforce-oidc/) with your corporate identity provider.
Thank you for your feedback.
-
Support native Azure authentication for the DB, e.g. service principal
Customers often want centralized permissioning for the database and LDAP is not generally supported well in the cloud. If a customer is using Azure, they want us to support Azure AD for database authentication. I believe that means using service principals.
32 votes
Your applications can now access Atlas Clusters with Azure Service Principals including Azure Managed Identities using MongoDB Workload Identity Federation (https://www.mongodb.com/docs/atlas/workload-oidc/). The feature is supported by MongoDB 7.0.11 dedicated clusters (M10 and above).
For your workforce access, we recommend using Workforce Identity Federation (https://www.mongodb.com/docs/atlas/workforce-oidc/) with your corporate identity provider such as Azure Entra ID.
Thank you for your feedback.
-
Allow to set teams to users by Federated Authentication
When an Atlas User logs in by a Federated Authentication (like Okta) there is only a "Default User Role" to control its permission, so all users get the same role. And after that, we must manually add to teams, or change their roles. It would be better to allow the IdP to set (and update) the groups/teams for each user automatically.
32 votes
This has been released: https://docs.atlas.mongodb.com/security/manage-role-mapping
You can now map IDP groups to Atlas Roles between Orgs and Projects. We do not support mapping to teams, that is not planned.
-
Allow modifying federation role mappings via API
We would like to use the new role mapping feature for federated authentication to assign Atlas roles based on LDAP groups assigned to our users.
However, we frequently create new projects programmatically and would need to manage the permissions to these new projects using role mapping. However, there is no public API available to manage role mappings programmatically. In addition, enabling role mapping disables the ability to manage roles for federated users with the API. So, at present, role mappings and permissions can only be managed manually through the UI.
We would like to request the ability to modify role…
26 votes
We are happy to announce that Federated Authentication Configuration can now be managed through the Atlas Administration API. Please refer to the API documentation for more information: https://docs.atlas.mongodb.com/reference/api/federation-configuration/
Please let us know if you have any feedback.
-
Allow Pending Users to be Added to a Team
When trying to implement Atlas infrastructure for Organization/Project users, the Teams functionality is useless unless we can add pending users to a Team. Right now, if a new user doesn't log in for two weeks, we can't assign them to a Team until two weeks after the implementation was supposed to be configured.
18 votes
-
Authentication on Azure (IAM)
Hello,
We absolutely need a more modern authentication method than using LDAPS to authenticate users against the MongoDB databases that we deploy with Atlas. When will we see a modern authentication service at this level? Ideally, we want cloud functionality equivalent to AWS IAM but on Azure.
15 votes
You can now access Atlas Clusters through Microsoft Entra ID using MongoDB Workforce Identity Federation (https://www.mongodb.com/docs/atlas/workforce-oidc/). The feature is supported by MongoDB 7.0.11 dedicated clusters (M10 and above).
Thank you for your feedback.
-
YubiKey
Please consider adding 2FA support for hardware keys (YubiKey). Our company started enforcing this in our compliance policy for accessing production environments.
12 votes
Hello, you can use your U2F keys (like YubiKey) as a second factor in authentication. It is listed as "Security Key/Biometrics" (also referred to as WebAuthn) under Multi-Factor Authentication options.
https://www.mongodb.com/docs/atlas/security-multi-factor-authentication/
We highly recommend setting up at least 2 MFA options on different devices to avoid lockouts.
Thank you,
Fuat
-
Atlas API Enhancements
Since we want to automate the user (de)provisioning for organizations and projects, we would like to see the following API enhancements:
Please enhance the Mongo Atlas API for the following functionalities:
- invite (existing mongo) user to organization (currently not possible)
- remove user from organization
- get invitation status from user
- cancel invitation for user
Thank you
8 votes
The work for invite management has been completed and added as endpoints to organizations and projects: https://docs.atlas.mongodb.com/reference/api/projects/ and https://docs.atlas.mongodb.com/reference/api/organizations/
-
atlas portal ip whitelist
We were given this idea from a security audit.
From a security-in-depth perspective we would like to be able to restrict logins on the Atlas portal to only whitelisted IPs; this would be analogous to how API whitelisting works at the organization level.
This is to prevent logins other than from our permitted sites.
8 votes
-
more information in AWS IAM audit logs
We are using MongoDB-AWS for authentication, and have set up the audit log to log events taken by AWS roles. However, there is insufficient information in the logs to identify who is doing those actions, as roles can be assumed by multiple people.
An example log line in the current audit log:
{ "atype" : "authenticate", "ts" : { "$date" : "2021-01-05T00:21:52.628+00:00" }, "local" : { "ip" : "192.168.248.203", "port" : 27017 }, "remote" : { "ip" : "172.31.0.5", "port" : 54195 }, "users" : [ { "user" : "arn:aws:sts::555555555555:assumed-role/developer-role/", "db" : "$external" } ], "roles" : [ {…
4 votes
The full ARN including the user information is now captured in audit logs when AWS IAM authentication is used with assumed roles. This is a delayed update; the change was made in 2021. Thank you for your feedback to make MongoDB better.
-
Need access to the REST API for IdP Federation
Currently all IdP federation set up must be done in the Atlas GUI. This prohibits scripting the setup of IdP organization and role mapping for new projects.
Customers can prefer setting this up via a scriptable REST API interface for a new project. Everything else about the project has an API that is currently used to create projects and deploy clusters. Authentication is an important part of the process and currently requires manual setup through the GUI.
3 votes
-
Show all team users on one page
When we do SOC2 reviews, we have to take screenshots of the permissions various users have. Currently, a specific "team" in Atlas only shows 5 users at a time and is paginated. Taking screenshots of 5 users at a time is pretty tedious, so it would be amazing to have a page with the full list.
2 votes
-
1 vote
For Atlas UI authentication via SAML SSO please use Federated Authentication https://docs.atlas.mongodb.com/security/federated-authentication/
For Database authentication you can use Workforce Identity Federation with OIDC: https://www.mongodb.com/docs/atlas/workforce-oidc/
For your application access with GCP service accounts or OAuth2, you can use Workload Identity Federation: https://www.mongodb.com/docs/atlas/workload-oidc/
-
gsuite access
I'd love to see better integration with Google services as authentication provider. The current workflow of manually setting up the identity providers/domains in Atlas & custom SAML endpoints (even without a preset) is pretty complicated imo.
1 vote
We now support Login/Register with Google without having to set up SAML.
-
OKTA integration logo is not provided with documentation resources
OKTA integration logo is not provided with documentation resources
https://docs.atlas.mongodb.com/security-ldaps-okta/
Please, make sure engineers/integration admins do not deal with copyrighted content and spend time in graphical arts
Please, add necessary resources following best presentation options and recommendations from OKTA for the button logo (or refer to me if you like my sample)
Attached example we created from some picture over "the internets" ?
Thanks!
1 vote
MongoDB Cloud is now included in the Okta Integration Catalog as a pre-built tile. It has a logo.
-
Don't show prompt to enable 2FA when Google login is used
Since you can't do it, it's a bit annoying to have the yellow banner across the screen.
1 vote