Atlas User Authentication


I just have a few questions related too the Atlas App Services User accounts:

  1. Where are the users stored (in the mongodb?) and is it possible to get a more direct access to them other than via the Realm App Services Web UI. I would like to access/manage other information like the identity provider IID etc.

  2. Is it possible to unlink auth providers, manually via a console, cli or API.

  3. Can users be moved/shared between Applications, I can see Applications can share the database, but I don’t really see any way to migrate/manage users.

  4. Can Custom Function providers store additional metadata? The Custom JWT providers let me map the meta data, but Custom Function providers doesn’t seem to have that function.


  1. They are stored in the App Service backend in a metadata cluster and users can only have access via API / UI. What kind of information are you looking to manage? This is read-only access after the user is authenticated -
  2. You can unlink providers by importing a new version of the application with those providers disabled or with state cleared.
  3. We do have a tool that has the ability to change deployment models between Applications here - It is not only intended to migrate user accounts - however it does do this under the hood.
  4. Yes Custom Function auth can be linked to Custom User data -

In general, when you want more robust control of users and their metadata our recommendation is to use Custom Function or Custom JWT auth with Custom User data. This will give you the most flexibility for managing users accounts and metadata.