Configure Federated Authentication
- OAuth 2.0 authentication for programmatic access to Cloud Manager is available as a Preview feature.
- The feature and the corresponding documentation might change at any time during the Preview period. To use OAuth 2.0 authentication, create a service account to use in your requests to the Cloud Manager Public API.
MongoDB Federated Authentication links your credentials across many MongoDB systems. MongoDB Cloud Manager implements authentication using the Federated Identity Management model.
Using the FIM model:
- Your company manages your credentials using an Identity Provider (IdP). With its IdP, your company can enable you to authenticate with other services across the web.
- You configure Cloud Manager to authenticate using data passed from your IdP.
This goes beyond SSO: your IdP, not MongoDB, manages your credentials. Your users can use Cloud Manager without needing to remember another username and password.
To link your IdP to Cloud Manager, you provide each with the appropriate metadata. Once you have linked your IdP to Cloud Manager, map domains and organizations to your IdP:
- Domain Mapping: If you or another user logs in to Cloud Manager using one of these mapped domains, Cloud Manager redirects you to the associated IdP. After you authenticate with the IdP, it returns you to the Cloud Manager application. To learn more about Domain Mapping, see Manage Domain Mapping for Federated Authentication.
- Organization Mapping: Users who log in through the IdP are granted access to the mapped Cloud Manager organizations. You can choose what role these users have within the selected organizations. To learn more about Organization Mapping, see Manage Organization Mapping for Federated Authentication.
Federation Management Access
You can manage federated authentication from the Federation Management Console. You can access the console as long as you are an Organization Owner in one or more organizations that are delegating federation settings to the instance.
Tutorials
To configure federated authentication in Cloud Manager, you must:
- Link an Identity Provider to Cloud Manager to ensure that your users are authenticated through your trusted IdP.
- Map Domains to your Identity Provider to streamline the login experience for users from specified domains by authenticating them through an IdP.
- Once you set up your IdP, you can optionally Map Organizations to your Identity Provider to give your users a unified login experience.
End-to-end tutorials on implementing federated authentication:
Consideration for Two-Factor Authentication
When you configure federated authentication and users authenticate through your IdP, Cloud Manager 2FA is bypassed for those users. If a user authenticates through your IdP and has 2FA enabled for their Cloud Manager account, Cloud Manager does not prompt the user for 2FA. Instead, you can configure your trusted IdP to prompt users for 2FA.