Manage Programmatic Access to Multiple Organizations
On this page
- OAuth 2.0 authentication for programmatic access to Atlas is available as a Preview feature.
- The feature and the corresponding documentation might change at any time during the Preview period. To use OAuth 2.0 authentication, create a service account to use in your requests to the Atlas Administration API.
In the organizations and projects hierarchy, an organization can contain multiple projects (previously referred to as groups). Under this structure:
Billing happens at the organization level while preserving visibility into usage in each project.
You can view all projects within an organization.
You can use teams to bulk assign organization users to projects within the organization.
If you need to scale beyond the existing project limits, you can create multiple organizations.
Required Access
To perform any of the following actions, you must have
Organization Owner access to Atlas.
Create Multiple Organizations
Repeat the following steps to create multiple organizations:
Enter the name for your organization.
Important
Don't include sensitive information in your organization name.
Select Atlas and click Next.
You have the option of adding a new Cloud Manager organization or a new Atlas organization. For more information on Cloud Manager see the documentation.
(Optional) Disable the IP access list requirement for the Atlas Administration API.
When you create a new organization with the Atlas UI, Atlas requires IP access lists for the Atlas Administration API by default. If you require an IP access list, your Atlas Administration API keys can make API requests only from the location-based IP or CIDR addresses that you specify in the IP access list.
To disable the IP access list requirement and allow your Atlas Administration API keys to make requests from any address on the internet, toggle Require IP Access List for the Atlas Administration API to OFF.
To learn more, see Optional: Require an IP Access List for the Atlas Administration API.
(Optional) Set Up Cross-Organization Billing
You can set up cross-organization billing to share a billing subscription across multiple organizations.
The following prerequisites and limitations apply:
To link a paying organization to another organization, you must have
Organization Billing AdminorOrganization Ownerprivileges for both organizations.A paying organization must have an Atlas subscription.
A paying organization and all linked organizations must be in good standing and have no failed payments.
A paying organization and any linked organizations must be on the same support level.
A paying organization and any linked organizations must have the same minimums, uplifts, and SLA for their subscription plan.
A paying organization and any linked organizations can't have an active self-serve support plan.
A paying organization and any linked organizations can't have overlapping monthly commitment deals.
A paying organization on a prepaid subscription plan and any linked organizations must be on the same current and future subscription plans.
You can manually link a paying organization with the Atlas UI, or programatically link a paying organization with the Atlas Admin API to a maximum of 250 other organizations. To link a paying organization to more than 250 other organizations, contact support.
A paying organization can't already be a linked organization.
A paying organization can be linked to a self-serve organization.
A paying organization and any linked organizations can't have an active self-serve marketplace subscription plan.
Note
To purchase a subscription that enables cross-organization billing, contact MongoDB Sales.
To configure a paying organization and link other organizations to it:
(Optional) In Atlas, create an organization to configure as a paying organization.
If you wish to create a new organization through which to pay, Create an Organization.
Note
You can rename an organization to reach your desired cross-organization configuration.
In Atlas, go to the Billing page for your organization.
If it's not already displayed, select your desired organization from the Organizations menu in the navigation bar.
Do one of the following steps:
Click Billing in the navigation bar.
Click Billing in the sidebar.
The Billing page displays.
Select organizations to link to your paying organization.
A dialog box displays your selected organization under Paying organization on the left and a list of organizations you may link to it under Select organizations to link on the right.
Select each organization you wish to link to your paying organization.
Click Review and Finish.
Grant Project Access to your Organizations
To manage projects in all your organizations, you need to grant each organization programmatic access to the projects. You can use API keys or service accounts. To learn about API keys versus service accounts, see Grant Programmatic Access to Atlas.
Create an API key for each organization.
Repeat the steps to create an API key for an organization for each organization.
Invite the organization key to each project within the organization.
For each project within an organization, invite the related organization key.
Repeat the steps to create a service account
for each project. The service account you create for a project gets
automatically added to the parent organization with the permission Organization Member.