Docs Menu
Docs Home
/
MongoDB Cloud Manager
/ /

Configure MongoDB Agent for Authentication

On this page

  • Prerequisites
  • Configure Deployments to Use Authentication
  • Configure Deployments Managed by Automation
  • Go to the Deployment page for your project.
  • Go to the Security page.
  • Add the appropriate credentials.
  • Configure Deployments Not Managed by Automation
  • Backup
  • Monitoring

MongoDB supports the following authentication mechanisms depending on your MongoDB version:

MongoDB Version
Default Authentication Mechanism
4.0 or later
SCRAM authentication mechanisms with the SHA-256 and SHA-1 hash functions. SCRAM-SHA-1 (RFC 5802) and SCRAM-SHA-256 (RFC 7677) are IETF standards that define best practice methods for implementation of challenge-response mechanisms for authenticating users with passwords.
3.0 to 3.6
SCRAM authentication mechanism with``SHA-1`` hash function.
2.6 or earlier
MongoDB Challenge and Response (MONGODB-CR). MONGODB-CR is a challenge-response mechanism that authenticates users through passwords.

The MongoDB Agent can use SCRAM-SHA-1 or SCRAM-SHA-256 to authenticate to hosts that enforce access control.

Note

With Automation, Cloud Manager manages MongoDB Agent authentication for you. To learn more about authentication, see Enable Username and Password Authentication for your Cloud Manager Project.

The MongoDB Agent interacts with the MongoDB databases in your deployment as a MongoDB user would. As a result, you must configure your MongoDB deployment and the MongoDB Agent to support authentication.

You can specify the deployment's authentication mechanisms when adding the deployment, or you can edit the settings for an existing deployment. At minimum, the deployment must enable the authentication mechanism you want the MongoDB Agent to use. The MongoDB Agent can use any supported authentication mechanism.

When you install the MongoDB Agent with Automation, Cloud Manager creates a user to authenticate on the MongoDB database. Cloud Manager create this MongoDB user (mms-automation) in the admin database with the correct privileges for each MongoDB Agent function.

Configure these credentials in Cloud Manager.

1
  1. If it is not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.

  2. If it is not already displayed, select your desired project from the Projects menu in the navigation bar.

  3. If the Deployment page is not already displayed, click Deployment in the sidebar.

2

Click the Security tab.

3
  1. Click Settings.

  2. Continue through the modal until you see the Configure Cloud Manager Agents page.

  3. Add the appropriate credentials:

    Setting
    Value
    MongoDB Agent Username
    Enter the MongoDB Agent username.
    MongoDB Agent Password
    Enter the password for the MongoDB Agent username.

Each MongoDB Agent function uses a different set of MongoDB shell (mongosh) commands to configure a user with the appropriate roles and privileges.

User creation commands vary depending on the version of MongoDB that you use:

To monitor MongoDB 4.0 or later instances that use SCRAM authentication, add a user to the admin database in MongoDB. Assign this user the roles provided in the following example.

db.getSiblingDB("admin").createUser(
{
user: "<username>",
pwd: "<password>",
roles: [ {
role: "clusterMonitor", db: "admin"
} ]
}
)

To learn what roles this function requires, see Monitoring settings.

Configure Monitoring Credentials

After you create the user for the Monitoring function, add the credentials to the Monitoring Settings.

1
  1. If it is not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.

  2. If it is not already displayed, select your desired project from the Projects menu in the navigation bar.

  3. If the Deployment page is not already displayed, click Deployment in the sidebar.

2
  1. Click the , and then Monitoring Settings.

  2. Click Credentials.

  3. Add the appropriate credentials:

    Setting
    Value
    Monitoring Username
    Enter the Monitoring username.
    Monitoring Password
    Enter the password for the Monitoring username.
← Configure the MongoDB Agent for Access Control