Skip to content

AdminFuat (Admin, MongoDB)

← MongoDB Feedback Engine

My feedback

10 results found

  1. Support Google IdP for OIDC Workforce Federation

    18 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    planned  ·  4 comments  ·  Atlas » IAM  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    An error occurred while saving the comment
    AdminFuat (Admin, MongoDB) commented  · 

    Thank you for the feedback. MongoDB Workforce Identity Federation uses Authorization Code Flow with PKCE (https://datatracker.ietf.org/doc/html/rfc7636) which does not require client secret. There is a discussion on Google forums about it, yet no action has taken so far https://discuss.google.dev/t/authorization-code-flow-without-client-secret/168113/7

    In order to help our customers, we plan to introduce optional client-secret parameter in OIDC configuration so that you can use Google as a Workforce Federation IdP. We are going to update this feedback item, when the work is started.

  2. Identify users via API that are regular project users versus federated or built-in (e.g., charts) users

    7 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    2 comments  ·  Atlas » IAM  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    An error occurred while saving the comment
    AdminFuat (Admin, MongoDB) commented  · 

    Hi Anthony, thank you for your feedback. What are you trying to achieve by identifying users? If your aim is to make sure only users with certain email domains can access your organization, you can configure domain access list for your organization via federation application. This way, only users from allowed domains can be aded to your organization/projects.

    As a workaround for your exact request, for now you can get the whole user list and then filter-out users with federated domain (i.e. usernames ending with "@<yourdomain>"). The result will give you all guest users including the proxy user added by MongoDB charts.

  3. Authentication mode MONGODB-OIDC

    13 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    7 comments  ·  Ops Tools » Enterprise Kubernetes Operator  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    An error occurred while saving the comment
    AdminFuat (Admin, MongoDB) commented  · 

    Kubernetes Operator does not currently support Workforce / Workload Identity Federation workflows, it is in plans.

  4. Granular Permissions

    491 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    started  ·  62 comments  ·  Atlas » IAM  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    An error occurred while saving the comment
    AdminFuat (Admin, MongoDB) commented  · 

    Hi Hyung,

    Thank you for your feedback. This is a feature currently under active development. I recommend to follow it with existing feedback item: https://feedback.mongodb.com/forums/924145-atlas/suggestions/39906208-granular-permissions

    Thank you,

    Fuat
    -

    An error occurred while saving the comment
    AdminFuat (Admin, MongoDB) commented  · 

    Hi Jaime, thank you for the feedback. We are actively working on this feature. I will close this feedback item as it is a duplicate but please follow it here https://feedback.mongodb.com/forums/924145-atlas/suggestions/39906208-granular-permissions to get updates.

    An error occurred while saving the comment
    AdminFuat (Admin, MongoDB) commented  · 

    Just to bring some clarity with a public comment: The status of this ticket was updated to Started on Jul 20, 2022 that means the work to address the request started and MongoDB teams are actively working on it. Please vote for this request to get further updates.

  5. Remove the requirement to have an API Access List CIDR before being able to manage backup schedules

    4 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    started  ·  1 comment  ·  Atlas » Other  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    An error occurred while saving the comment
    AdminFuat (Admin, MongoDB) commented  · 

    API Access list requirements will be removed for all APIs with upcoming Atlas updates in August 2023. Tentative release date is 08/02. Users can still require Access List for all API calls by enabling the enforcement in project settings.

  6. Associate domains to an IDP at Organization level rather than for entire mongodb.com

    7 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    4 comments  ·  Atlas » IAM  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    An error occurred while saving the comment
    AdminFuat (Admin, MongoDB) commented  · 

    Hi Louri, thank you for your feedback to make Atlas better.

    We have plans to make changes in our federated authentication model to break the global domain name impact you mentioned. I will keep updating this feedback item, please stay tuned.

  7. Parent - Child account set up

    1 vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Atlas » IAM  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    An error occurred while saving the comment
    AdminFuat (Admin, MongoDB) commented  · 

    This is a long term roadmap item. Currently:
    - You can use Cross Organization Billing feature for billing related parent-child account set up.
    - You can use a separate Federation Management Organization that contains all linked organization owners as org owner. This allows each org owner to access federation app and manage their respective orgs separately while using the same IdP configuration.

  8. U domain Verification

    2 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Atlas » IAM  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    An error occurred while saving the comment
    AdminFuat (Admin, MongoDB) commented  · 

    Damian, thank you for your feedback. We will consider it in our future enhancements.

    Meanwhile, you can temporarily add the txt record for the subdomain in your DNS and then remove it right after verifying in Atlas. I hope this will address your concerns around publicly advertising an internal sub-domain.

  9. Option to Enforce Certain MFA Methods

    3 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    1 comment  ·  Atlas » IAM  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    An error occurred while saving the comment
    AdminFuat (Admin, MongoDB) commented  · 

    Thank you for your valuable feedback. This feature is in our long term plans; currently we have no specific date for availability. In the meantime, I would kindly suggest using Federated Authentication. By setting up federated authentication in MongoDB Atlas, you will have full control on authentication of your users including enforcing certain MFA methods through your Identity Provider.

  10. Improve 2FA and auth management

    12 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    6 comments  ·  Atlas » IAM  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    An error occurred while saving the comment
    AdminFuat (Admin, MongoDB) commented  · 

    Thank you for the feedback. I want to clarify that MFA can be enforced for users authenticating with their MongoDB cloud accounts. When users access Atlas with federated authentication (Google or SAML), MongoDB does not get the information whether the authentication happened with MFA, and it relies on MFA enforcement at the identity provider. We are closely watching this feature to improve the experience.

Feedback and Knowledge Base

(thinking…)