I am currently working on implementing SSO (Okta) to my organisation. I have configured a good range of applications and services now, including MongoDB Atlas.
MongoDB Atlas is now configured with SAML using Okta as my IdP. However, I am wondering if I can take this further and delve into controlling database access on my production cluster. So, when a user logs in for the first time (via Okta SAML), it also creates a database user (database access tab) with specific roles and access. From here, they are able to connect to the database (using mongodb compass) with their account that Okta has created.
Is this possible? Has anyone else got a similar use case?
It would be great to hear back, and thank you for your time.
              Thanks, Matthew. We are looking into database authentication via OpenID Connect so that a database user can directly authenticate with the database via Compass through their identity provider credentials. Hopefully, this can address most of the use case you are describing 
              Hello,
Thank you very much for your reply. That’s good to know and I look forward to seeing this directly work.
I have been researching today about inline hooks and SAML assertions with Okta and group attribute mapping.
I have created a group mapping which defines role assignment for the platform. On top of this question, I am wondering if you, or anyone else, knows how to assert a database access user with this too?
Thanks
              We do not support database authentication directly with SAML and have no plans of doing so. If the reason you are looking for SAML authentication for database is to manage the full life cycle of identities with your corporate identity provider, you may consider using:
a) LDAP (https://www.mongodb.com/docs/atlas/security-ldaps/)
b) Hashicorp Key Vault (HashiCorp Vault & MongoDB Atlas | MongoDB)
              Okay brilliant.
Thank you for that information.
              Hello,
Hope you're well. I have been reading your comment back and want to confirm that this is not about authentication to a database.
It is about creating a database access user on the Atlas platform.
Is this still a no?
Please see this link on database authentication in Atlas.
Once you authenticate with Atlas control plane using SAML, you can create database users using one of several supported methods (details in link above) such as SCRAM, X.509, LDAP, and AWS-IAM. If you are able to use LDAP or AWS-IAM, you can possibly use your identity provider credentials to authenticate with the database.
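Tying the two threads together (the Okta group-to-role mapping from the earlier post and the "create database users after SSO" answer above), here is an added example that is not from the original thread or from MongoDB: it maps the groups asserted at SSO login to Atlas database roles, deny-by-default, and builds the request body for the Atlas Admin API "create database user" call. The group names, the mapping and the cluster name are constructed; the payload field names follow the Atlas Admin API as assumed here and should be checked against the current docs.

```python
"""Map SSO-asserted Okta groups to MongoDB Atlas database-user roles (deny by
default) and build the Atlas Admin API 'create database user' request body.
Added example; mapping, group names and cluster name are constructed."""
import secrets

# Constructed group -> role mapping. A group not listed here grants nothing.
GROUP_ROLE_MAP = {
    "okta-db-readonly":   [{"databaseName": "inventory", "roleName": "read"}],
    "okta-db-developers": [{"databaseName": "inventory", "roleName": "readWrite"}],
    "okta-db-admins":     [{"databaseName": "admin", "roleName": "readWriteAnyDatabase"}],
}


def roles_for_groups(groups):
    """Return the deduplicated Atlas role list for the asserted groups.
    Unknown groups are ignored, so a user with no mapped group gets no roles."""
    roles, seen = [], set()
    for group in groups:
        for role in GROUP_ROLE_MAP.get(group, []):
            key = (role["databaseName"], role["roleName"])
            if key not in seen:
                seen.add(key)
                roles.append(dict(role))
    return roles


def build_db_user_payload(username, groups, cluster_name=None):
    """Build the JSON body for POST .../groups/{projectId}/databaseUsers
    (field names assumed from the Atlas Admin API). Refuses to create a user
    that would end up with no roles, rather than creating an unscoped account."""
    roles = roles_for_groups(groups)
    if not roles:
        raise ValueError(f"no database role mapped for {username!r}; not creating user")
    payload = {
        "databaseName": "admin",            # authentication database for SCRAM users
        "username": username,
        "password": secrets.token_urlsafe(24),  # initial secret, delivered out of band
        "roles": roles,
    }
    if cluster_name:
        # Restrict the user to one cluster instead of every cluster in the project.
        payload["scopes"] = [{"name": cluster_name, "type": "CLUSTER"}]
    return payload
```

The payload is what an SSO-triggered provisioning job (for example, one driven by an Okta event hook) would send to the Atlas Admin API with the project's API key; the generated password is only the initial SCRAM secret and must be rotated by the user.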