Overview
Some Atlas features, such as Data Federation, require access to resources in your Azure Blob Storage environment. To grant access securely, create or update an Azure Service Principal with an access policy.
Required Access
To configure Azure Service Principal access, you must have Project Owner access to the project.
Prerequisites
An Atlas account.
The Azure PowerShell or the Azure CLI.
Set Up Azure Service Principal Access
You can set up an Azure service principal with an access policy for your Atlas project from the Atlas Administration API or Atlas UI. Select your preferred option:
Important
Service Principal vs. Application Registration
You do not need to create a new Entra ID (Azure AD) application registration. Atlas uses an existing multi-tenant application registered in the Microsoft identity platform.
Use the following process to:
Create a service principal for Atlas's existing multi-tenant application in your tenant.
Assign appropriate permissions to this service principal in your Azure environment.
Do NOT create a new application registration or custom Entra ID app.
The Atlas UI displays the Application ID (AppID) for MongoDB's pre-registered multi-tenant application. Create a service principal for this existing application within your Azure tenant.
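The two steps above, expressed with the Azure CLI as an added example; it is not taken from the Atlas documentation or MongoDB's tooling. The default role `Storage Blob Data Reader` and the container-only scope check are assumptions chosen for least privilege, the function names are hypothetical, and the AppID and resource names are placeholders for the value shown in the Atlas UI and your own tenant's resources.

```shell
#!/bin/sh
# Added example, not MongoDB's script. IDs and resource names are placeholders.
# DRY_RUN=1 (the default) prints each az command instead of running it.
DRY_RUN="${DRY_RUN:-1}"

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# The AppID copied from the Atlas UI must be a GUID.
is_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Accept only a scope that ends at one blob container, so the role assignment
# cannot cover a whole subscription, resource group or storage account.
is_container_scope() {
  printf '%s' "$1" | grep -Eiq \
    '^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/Microsoft\.Storage/storageAccounts/[^/]+/blobServices/default/containers/[^/]+$'
}

# True only when really running and the service principal already exists.
sp_exists() {
  [ "$DRY_RUN" != "1" ] && az ad sp show --id "$1" >/dev/null 2>&1
}

# $1 = Atlas AppID, $2 = container scope, $3 = role (default is an assumption)
grant_atlas_blob_access() {
  app_id="$1"; scope="$2"; role="${3:-Storage Blob Data Reader}"
  is_guid "$app_id" || { echo "AppID is not a GUID" >&2; return 2; }
  is_container_scope "$scope" || { echo "scope must be one container" >&2; return 3; }
  # Step 1: service principal for the existing multi-tenant application.
  # No "az ad app create": that would be a new application registration.
  sp_exists "$app_id" || run az ad sp create --id "$app_id" || return 1
  # Step 2: role assignment limited to the single container.
  run az role assignment create --assignee "$app_id" --role "$role" --scope "$scope"
}
```

Call `grant_atlas_blob_access` with the AppID and a container scope to review the printed commands, then repeat with `DRY_RUN=0` in a signed-in Azure CLI session to apply them.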
View Authorized Azure Service Principals
You can view all Azure service principals for your Atlas project from the Atlas Administration API or Atlas UI.
View Authorized Azure Service Principal Details
You can view the details of an authorized Azure Service Principal from the Atlas Administration API or Atlas UI.
Remove Authorized Azure Service Principal
You can't remove a Service Principal that is currently in use. You can remove unused Azure Service Principals from the Atlas Administration API or Atlas UI.