
Configure Atlas Clusters Authentication

Atlas offers the following security features for cluster authentication.

To learn about recommendations for authentication, see Guidance for Atlas Authentication in the Atlas Architecture Center.

Important

Atlas requires any user that needs access to the Atlas control plane to have MFA configured for enhanced security.

If you use Atlas Manage Organization Users, configure and manage MFA within Atlas. You must use MFA when using Atlas credentials.

If you use federated authentication, configure and manage MFA in the IdP.

If you don't configure MFA, Atlas supports the following MFA methods as secondary identification:

  • Security keys

  • Biometrics

  • OTP (One-Time Password) authenticators

  • Push notifications with Okta Verify

  • Email

To learn more, see Manage Your Multi-Factor Authentication Options.

Atlas requires clients to authenticate to access clusters. You must create database users to access the database. To set up database users for your clusters, see Configure Database Users.

When the built-in Atlas database user privileges don't meet your desired set of privileges, you can create custom roles.

You can authenticate applications running on AWS services to Atlas clusters with AWS IAM roles. You can set up a database user to use an AWS IAM role ARN for authentication and connect to your database using mongosh and drivers that authenticate using your AWS IAM role ARN. Using AWS IAM roles reduces the number of authentication mechanisms and the number of secrets to manage.

To learn more, see AWS IAM Authentication.

Atlas supports performing user authentication with LDAP. To use LDAP, see Set Up User Authentication and Authorization with LDAP.

Atlas supports performing user authentication with OIDC. To use OIDC, see Authentication and Authorization with OIDC/OAuth 2.0.

X.509 client certificates provide database users access to the clusters in your project. Options for X.509 authentication include Atlas-managed X.509 authentication and self-managed X.509 authentication. To learn more about self-managed X.509 authentication, see Set Up Self-Managed X.509 Certificates.
