
Status Completed
Categories Atlas
Created by Guest
Created on Mar 16, 2020

Allow to set teams to users by Federated Authentication

When an Atlas User logs in via Federated Authentication (like Okta), there is only a "Default User Role" to control their permissions, so all users get the same role. After that, we must manually add them to teams or change their roles. It would be better to allow the IdP to set (and update) the groups/teams for each user automatically.
  • ADMIN RESPONSE
    Aug 1, 2025
    This has been released --> https://docs.atlas.mongodb.com/security/manage-role-mapping You can now map IDP groups to Atlas Roles between Orgs and Projects. We do not support mapping to teams, that is not planned.
  • Guest
    Jan 31, 2021
    There appear to be issues with this feature. After configuring the LDAP group via the roles mapping, it overwrites any of the manually configured org permissions. When a user that's part of the group logs in, the explicitly set permissions are overwritten. When a user that is not part of the group logs in, the explicitly set permissions are overwritten by the default permissions.
  • Guest
    Jan 18, 2021
    Are there REST APIs available so we can automate this?
  • Guest
    Nov 17, 2020
    Do you have a scheduled date? I read that we are announcing for this year and we are in November now.
  • Guest
    Nov 17, 2020
    Ideally, it would be interesting to associate "Atlas" roles with a security group from our AD. Also, for high privileged accounts, we use the "Privileged Identity Management" feature in Azure to elevate our privileges right at the time of action. This prevents our accounts from having administrative privileges at all times. Could you integrate these improvements into the "MongoDB Cloud" connector?
  • Guest
    Oct 12, 2020
    Same Issue here! Would be nice to have permission assignment via AD-Group membership. Thanks for implementing!
  • Guest
    Oct 2, 2020
    Not sure if this is part of the scope of this change, but it would be nice to create an Atlas role that is associated with a security group of the authenticated user. For example, if we created an Atlas support team role and related that to a security group in our domain (the group could be passed as an attribute of the Federated Authentication), then they would have the roles without having to be individually created. And we would have another Atlas role like Atlas Read-Only, and they would have a different set of Atlas permissions, and it would map to a different security group in our domain.
  • Guest
    Apr 5, 2020
    There are two possible behaviors with the current SAML implementation:
    1. Federated Authentication is configured to not map a default role to a new user
    2. Federated Authentication is configured to map a default role to a new user
    Pain points of #1
    - For every new user who signs in via SAML, an admin has to manually assign him/her a role. Ideally I would like the role mapping in the SAML assertion
    - This behavior makes the first time login experience bumpy
    Pain points of #2
    - Any authenticated user in the IdP can log in. The default role gets assigned to him/her.
  • Guest
    Mar 25, 2020
    It would be useful to be able to add extra role assertions, and have those role assertions map to the valid MongoDB roles (rather than having a default role). It would also be useful if we could add role assertions that could map to specific project roles also. If role assignments change (different assertions are received), then the roles a user has should also be updated.
  • Guest
    Mar 17, 2020
    This is planned for later this year