Set Up Self-Managed X.509 Authentication
Self-managed X.509 certificates provide database users access to the database deployments in your project. Database users are separate from Atlas users. Database users have access to MongoDB databases, while Atlas users have access to the Atlas application itself.
Considerations
If you enable LDAP authorization, you can't connect to your database deployments with users that authenticate with an Atlas-managed X.509 certificate.
After you enable LDAP authorization, you can connect to your database deployments with users that authenticate with a self-managed X.509 certificate. However, the user's Common Name in their X.509 certificate must match the Distinguished Name of a user who is authorized to access your database with LDAP.
You can have both users that authenticate with self-managed certificates and users that authenticate with Atlas-managed X.509 certificates in the same database.
Required Access
To manage database users, you must have Organization Owner or Project Owner access to Atlas.
Prerequisites
To use self-managed X.509 certificates, you must have a Public Key Infrastructure to integrate with MongoDB Atlas.
Configure a Project to use a Public Key Infrastructure
View or Modify Self-Managed X.509 Authentication Settings
Add a Database User using Self-Managed X.509 Authentication
Enter user information.
Field | Description
---|---
Distinguished Name | The user's Common Name (CN) and optionally additional Distinguished Name fields (RFC 4514) from the following table: For more information on Distinguished Name fields, see RFC 4514. Example: CN=Jane Doe,O=MongoDB,C=US
User Privileges | You can assign roles in one of the following ways: For information on the built-in Atlas privileges, see Built-in Roles. For more information on authorization, see Role-Based Access Control and Built-in Roles in the MongoDB manual.
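To obtain the Distinguished Name string from an existing client certificate, this added example (not part of the Atlas documentation) prints the certificate subject with OpenSSL's `RFC2253` name option, the string form that RFC 4514 superseded, and compares it with the value you intend to enter. The function names, the exact-match comparison and the throwaway self-signed certificate are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: read a client certificate's subject in the
# CN=...,O=...,C=... form used for the Distinguished Name field.

# Print a certificate's subject as an RFC 2253-style string:
# comma-separated, most specific RDN first.
cert_subject_dn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -e 's/^subject= *//'
}

# Succeed only if the certificate subject is exactly the DN you plan
# to enter for the database user. Exact string comparison is an
# assumption of this example, chosen as the strictest check.
dn_matches() {
    [ "$(cert_subject_dn "$1")" = "$2" ]
}

# Create a throwaway self-signed certificate (constructed sample data)
# so the example runs offline. A real client certificate would be
# issued by your own PKI.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/C=US/O=MongoDB/CN=Jane Doe" \
        -keyout "$1/client.key" -out "$1/client.pem" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_sample_cert "$tmp" || { rm -rf "$tmp"; return 1; }
    echo "Subject DN: $(cert_subject_dn "$tmp/client.pem")"
    # OpenSSL's -subj lists C first; the RFC 2253 string lists CN first.
    if dn_matches "$tmp/client.pem" "C=US,O=MongoDB,CN=Jane Doe"; then
        echo "unexpected match"
    else
        echo "Reversed ordering does not match the certificate subject"
    fi
    rm -rf "$tmp"
}

demo
```

The component order matters: the subject given to `openssl req -subj` starts with the country, while the printed string starts with the Common Name, as in the page's example.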