Docs Home → Develop Applications → MongoDB Manual

Configure MongoDB with OpenID Connect

On this page

Before you Begin

Steps
Learn More

OpenID Connect is currently available in Public Preview and is only supported on Linux binaries.

MongoDB Enterprise provides support for OpenID Connect Authentication. You can use OpenID Connect to configure single sign-on between your MongoDB database and a third-party identity provider.

Before you Begin

Set up an OpenID Connect client profile with your chosen provider: Microsoft Azure AD or Okta.
When using mongosh to connect, if you use the oidcRedirectUri option, the URI must match the configuration of the identity provider.
Ensure that you are on MongoDB Enterprise.
To verify that you are using MongoDB Enterprise, pass the --version command line option to the mongod or mongos:
```
mongod --version
```
In the output from this command, look for the string modules: subscription or modules: enterprise to confirm you are using the MongoDB Enterprise binaries.

Steps

Configure the MongoDB server

To configure the MongoDB server, enable the MONGODB-OIDC authentication mechanism and use the oidcIdentityProviders to specify identity provider (IDP) configurations.

You can configure the MongoDB server using your configuration file or the command line.

Create MongoDB roles

In the admin database, use the db.createRole() method to create roles that map the identity provider group roles to MongoDB roles.

Use the following format to create roles:

<authNamePrefix>/<authorizationClaim>

The oidcIdentityProviders parameter provides the authNamePrefix field and the authorizationClaim field. For example:

db.createRole( {
   role: "okta/Everyone",
   privileges: [ ],
   roles: [ "readWriteAnyDatabase" ]
   } )

Learn More

OpenID Connect Authentication

← OpenID Connect Authentication

Internal/Membership Authentication →