
Status Submitted
Categories Atlas
Created by Lauren Eden
Created on Dec 1, 2025

Enhance SAML/OIDC integration to process group memberships via the link returned by Microsoft Entra ID (Azure AD) when a user exceeds the token's group claim limit (150/200 groups).

What problem are you trying to solve?

Focus on the what and why of the need you have, not the how you'd like it solved.

Users with a high number of Entra ID group memberships (currently 200+ members are experiencing issues) are unable to access the MongoDB Atlas UI because Microsoft Entra ID omits the group claims from the authentication token when the maximum limit (150 for SAML, 200 for JWT) is reached. This prevents Atlas from correctly mapping the user's roles and permissions.

What would you like to see happen?

Describe the desired outcome or enhancement.

Implement a feature to explicitly fetch the full list of group memberships from Entra ID via the group link (or overflow link) that is returned in the authentication token when the group limit is exceeded.

This solution would involve:

  1. Atlas detecting the presence of the group link instead of a direct group list in the incoming token.

  2. Atlas using the necessary Graph API permissions to follow that link and retrieve the user's complete list of group memberships directly from Entra ID.

Why is this important to you or your team?

Explain how the request adds value or solves a business need.

This is becoming an increasingly critical issue for internal users as more members are being onboarded into Atlas.

  • Scalability: The current Entra ID limit is a significant barrier to onboarding users who have common, large corporate group memberships.

  • User Experience: It prevents users from accessing essential tools and disrupts workflow.

What steps, if any, are you taking today to manage this problem?

Directing affected users to leverage an elevated administrative user account that is a member of fewer groups.
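An added example, not part of the original request and not MongoDB's code: a sketch of step 1 above, telling a token that carries groups apart from one where Entra ID replaced them with an overage marker, and refusing to map roles from an incomplete token. The claim names are the ones Microsoft documents for Entra ID and do not appear on this page; `resolve_roles`, `fetch_groups`, the role map and the sample claims are hypothetical and constructed.

```python
# Entra ID claim names (from Microsoft's documentation, not from this page).
SAML_GROUPS = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
SAML_GROUPS_LINK = "http://schemas.microsoft.com/claims/groups.link"

def classify_group_claims(claims):
    """Classify decoded, already signature-verified claims.

    Returns ("groups", [ids]), ("overage", link_or_None) or ("absent", None).
    """
    groups = claims.get("groups") or claims.get(SAML_GROUPS)
    if groups:
        return "groups", [groups] if isinstance(groups, str) else list(groups)
    # JWT overage: "groups" is listed in _claim_names and points into _claim_sources.
    names = claims.get("_claim_names") or {}
    if "groups" in names:
        source = (claims.get("_claim_sources") or {}).get(names["groups"], {})
        return "overage", source.get("endpoint")
    # Implicit-flow tokens only carry a boolean marker.
    if claims.get("hasgroups") in (True, "true"):
        return "overage", None
    # SAML overage: the groups attribute is replaced by a link attribute.
    if SAML_GROUPS_LINK in claims:
        return "overage", claims[SAML_GROUPS_LINK]
    return "absent", None

def resolve_roles(claims, role_map, fetch_groups=None):
    """Map groups to roles; fail closed when the token's group list is incomplete.

    fetch_groups is a hypothetical callback that looks the user's memberships
    up in the directory; the link in the token only signals the overage.
    """
    state, detail = classify_group_claims(claims)
    if state == "overage":
        if fetch_groups is None:
            raise PermissionError("group overage: token does not list memberships")
        groups = fetch_groups(claims)
    else:
        groups = detail or []
    return sorted({role_map[g] for g in groups if g in role_map})

# Constructed sample inputs.
ROLE_MAP = {"group-a": "atlas-role-a", "group-b": "atlas-role-b"}
JWT_WITH_GROUPS = {"oid": "user-1", "groups": ["group-a", "group-x"]}
JWT_OVERAGE = {
    "oid": "user-2",
    "_claim_names": {"groups": "src1"},
    "_claim_sources": {"src1": {"endpoint": "https://graph.example/<tenant>/users/<oid>/getMemberObjects"}},
}
SAML_OVERAGE = {SAML_GROUPS_LINK: "https://graph.example/<tenant>/users/<oid>/getMemberObjects"}
```

Distinguishing "overage" from "absent" is what lets a relying party report the real cause instead of treating the user as having no mapped roles.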