Docs Menu
Docs Home
/
MongoDB Atlas
/ / /

Set up Self-Managed X.509 Authentication

On this page

  • Prerequisites
  • Configure a Project to use a Public Key Infrastructure
  • Add a Database User using Self-Managed X.509 Authentication

Self-managed X.509 certificates provide database users access to the clusters in their project. Database users are separate from Atlas users. Database users have access to MongoDB databases, while Atlas users have access to the Atlas application itself.

In order to use self-managed X.509 certificates, you must have a Public Key Infrastructure to integrate with MongoDB Atlas.

1
  1. If it's not already displayed, select the organization that contains your project from the Organizations menu in the navigation bar.

  2. If it's not already displayed, select your project from the Projects menu in the navigation bar.

  3. In the sidebar, click Advanced under the Security heading.

2

Toggle Self-Managed X.509 Authentication to ON.

3

You can provide a Certificate Authority (CA) by:

  • Clicking Upload and selecting a .pem file from your filesystem.

  • Copying the contents of a .pem file into the provided text area.

You can concatenate multiple CAs in the same .pem file or in the text area. Users can authenticate with certificates generated by any of the provided CAs.

When you upload a CA, a project-level alert is automatically created to send a notification 30 days before the CA expires, repeating every 24 hours. You can view and edit this alert from Atlas's Alert Settings page. For more information on configuring alerts, see Configure Alert Settings.

4

To edit your CA once uploaded, click the Self-Managed X.509 Authentication Settings icon.

1
  1. If it's not already displayed, select the organization that contains your project from the Organizations menu in the navigation bar.

  2. If it's not already displayed, select your project from the Projects menu in the navigation bar.

  3. In the sidebar, click Database Access under the Security heading.

2
  1. If it isn't already displayed, click the Database Users tab.

  2. Click Add New Database User.

3
4
Field
Description
Common Name

The user's Common Name (CN) protected by the TLS/SSL certificate. For more information, see RFC 2253.

Example

If your common name is "Jane Doe", your organization is "MongoDB", and your country is "US", insert the following into the Common Name field:

CN=Jane Doe,O=MongoDB,C=US
User Privileges

You can assign roles in one of the following ways:

For information on the built-in Atlas privileges, see Built-in Roles.

For more information on authorization, see Role-Based Access Control and Built-in Roles in the MongoDB manual.

5

Back

Database Users

Next

AWS IAM