Docs Menu

Authentication Connection Tab

On this page

  • Procedure

The Authentication tab allows you to connect to deployments that require authentication. To learn about authentication mechanisms within MongoDB, see Authentication Mechanisms.

New Advanced Connection Options

Select your authentication method from the following options:

Provide the following information:

  • Username
  • Password
  • (Optional) Authentication Database
  • Authentication Mechancism:

    • Default

      The Default setting selects the first authentication mechanism supported by the server according to an order of preference.

      With the Default setting, MongoDB tries to authenticate using the following mechanisms in the order they are listed:

      1. SCRAM-SHA-256
      2. SCRAM-SHA-1
      3. MONGODB-CR

    • SCRAM-SHA-1
    • SCRAM-SHA-256

Select X.509 if the deployment uses X.509 as its authentication mechanism.


X.509 Authentication requires a client certificate. To enable TLS and add a client certificate, see the TLS / SSL tab in Compass.

Select Kerberos if the deployment uses Kerberos as its authentication mechanism.

Provide the following information:

Every participant in the authenticated communication is known as a "principal", and every principal must have a unique name.
(Optional) Service Name
Every MongoDB mongod and mongos instance (or exe or exe on Windows) must have an associated service name. The default is mongodb.
(Optional) Canonicalize Host Name
Kerberos uses the canonicalized form of the host name (cname) when constructing the principal for MongoDB Compass.
(Optional) Service Realm

The service realm is the domain over which a Kerberos authentication server has the authority to authenticate a user.

If you choose to Canonicalize Host Name, you can specify one of the following options:

The driver does a cname lookup on the kerberos hostname.
Forward and Reverse
Performs a forward DNS lookup and then a reverse lookup on that value to canonicalize the hostname.

For more information on principal name canonicalization in Kerberos, see this RFC document.

(Optional) Provide password directly
Used to verify your identity.

Select LDAP if the deployment uses LDAP as its authentication mechanism.

Provide the following information:

  • Username
  • Password

Select AWS IAM if the deployment uses AWS IAM as its authentication mechanism.

The following fields are optional as they can be defined on your platform using their respective AWS IAM environment variables. MongoDB Compass will use these environment variable values to authenticate; you do not need to specify them in the connection string.

  • (Optional) AWS Access Key Id
  • (Optional) AWS Secret Access Key
  • (Optional) AWS Session Token
See also:

To disconnect from your deployment, see Disconnect from MongoDB.

←  General Connection TabTLS / SSL Connection Tab →

On this page

Give Feedback
© 2022 MongoDB, Inc.


  • Careers
  • Investor Relations
  • Legal Notices
  • Privacy Notices
  • Security Information
  • Trust Center
© 2022 MongoDB, Inc.