Security Overview

Cloud Manager provides configurable encryption, authentication, and authorization to ensure the security of your MongoDB Agents and MongoDB deployments. Cloud Manager supports TLS, SCRAM-SHA-1 and SCRAM-SHA-256, LDAP, and Kerberos.

Cloud Manager can use TLS to encrypt communications when the MongoDB Agent connects to:

  • Cloud Manager.

  • MongoDB instances that use TLS. You must set each MongoDB host's Use TLS setting in Cloud Manager and must configure the agent's TLS settings. See Configure MongoDB Agent to Use TLS.

MongoDB uses Role-Based Access Control (RBAC) to determine access to a MongoDB system. When run with access control, MongoDB requires users to authenticate themselves and then determines each user's permissions.

If your MongoDB deployment uses authentication and the MongoDB Agent:

  • Uses Automation to manage the deployment, Cloud Manager creates the appropriate MongoDB user, gives it all necessary roles, and authenticates to the deployments as that MongoDB user.

  • Does not use Automation to manage the deployment, you must create a MongoDB user for the MongoDB Agent Monitoring and Backup functions with appropriate access.

Note

Kerberos and LDAP authentication are available with MongoDB Enterprise only.

Cloud Manager can use the SCRAM-SHA-1 and SCRAM-SHA-256 authentication mechanisms to authenticate a user on a MongoDB deployment.

Tip

See also:

To learn about SCRAM, see the SCRAM page in the MongoDB manual.

If your MongoDB deployment uses SCRAM authentication and the MongoDB Agent:

  • Uses Automation to manage the deployment, Cloud Manager creates the appropriate MongoDB user and gives it all necessary roles.

  • Does not use Automation to manage the deployment, you must create a MongoDB user for the MongoDB Agent Monitoring and Backup functions.
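When you create the MongoDB Agent user yourself, as both lists above require for deployments not managed by Automation, it is worth checking what that user can actually do. The following is an added example, not Cloud Manager code: it audits user documents shaped like the reply of MongoDB's `usersInfo` command. The expected role set, the user names, and the sample documents are assumptions constructed for illustration.

```python
"""Audit MongoDB Agent users as returned by the usersInfo command."""

# Assumption: the roles this deployment intends the agent user to hold.
# The page does not list them; set this to your own access policy.
EXPECTED_ROLES = {("clusterMonitor", "admin"), ("backup", "admin")}

# Constructed sample shaped like the "users" array of a usersInfo reply.
SAMPLE_USERS = [
    {"user": "agent-ok", "db": "admin",
     "mechanisms": ["SCRAM-SHA-1", "SCRAM-SHA-256"],
     "roles": [{"role": "clusterMonitor", "db": "admin"},
               {"role": "backup", "db": "admin"}]},
    {"user": "agent-legacy", "db": "admin",
     "mechanisms": ["SCRAM-SHA-1"],
     "roles": [{"role": "clusterMonitor", "db": "admin"},
               {"role": "root", "db": "admin"}]},
    {"user": "agent@EXAMPLE.COM", "db": "$external",
     "mechanisms": ["external"],
     "roles": [{"role": "clusterMonitor", "db": "admin"}]},
]


def audit_agent_user(user, expected_roles=EXPECTED_ROLES):
    """Return a list of findings for one usersInfo user document."""
    findings = []
    # Kerberos and LDAP users live in $external and carry no SCRAM credentials.
    if user["db"] != "$external":
        mechanisms = set(user.get("mechanisms", []))
        if not mechanisms & {"SCRAM-SHA-1", "SCRAM-SHA-256"}:
            findings.append("no SCRAM credentials")
        elif "SCRAM-SHA-256" not in mechanisms:
            findings.append("SCRAM-SHA-1 only")
    granted = {(r["role"], r["db"]) for r in user.get("roles", [])}
    # Roles beyond the policy are over-privilege; absent ones break the agent.
    for role, db in sorted(granted - expected_roles):
        findings.append(f"unexpected role {role}@{db}")
    for role, db in sorted(expected_roles - granted):
        findings.append(f"missing role {role}@{db}")
    return findings


def audit(users):
    """Map each user name to its findings (empty list means compliant)."""
    return {u["user"]: audit_agent_user(u) for u in users}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_USERS).items():
        print(name, "->", findings or "ok")
```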

Note

Starting with MongoDB 8.0, LDAP authentication and authorization is deprecated. The feature is available and will continue to operate without changes throughout the lifetime of MongoDB 8. LDAP will be removed in a future major release.

For details, see LDAP Deprecation.

The MongoDB Agent can use the LDAP authentication mechanism to authenticate to the MongoDB deployment.

If your MongoDB deployment uses LDAP for authentication, you must create a MongoDB user for the MongoDB Agent and specify the host's authentication settings when you:

The MongoDB Agent can use the Kerberos authentication mechanism to authenticate to the MongoDB deployment.

If your MongoDB deployment uses Kerberos for authentication, you must:
