The SQL Interface supports multiple authentication mechanisms to connect to your MongoDB deployment. This page includes supported authentication methods, component compatibility, and deployment availability for both Atlas and self-managed MongoDB Enterprise deployments.
Authentication Support Matrix
The following table shows which authentication mechanisms are supported by each SQL Interface component:
Component | SCRAM | X.509 | LDAP | GSSAPI | AWS IAM | OIDC |
|---|---|---|---|---|---|---|
MongoDB SQL Schema Builder | Yes | Yes | Yes | Yes | Yes | Yes |
ODBC Driver | Yes | Yes | Yes | Yes | Yes | Yes |
JDBC Driver | Yes | Yes | Yes | Yes | Yes | Yes |
Power BI Desktop | Yes | Yes | Yes | Yes | Yes | Yes |
Power BI Gateway | Yes | No | No | No | No | No |
Tableau Desktop | Yes | Yes | Yes | Yes | Yes | Yes |
Tableau Server | Yes | Yes | No | No | No | No |
Tableau Cloud | Yes | No | No | No | No | No |
Note
Not all third-party BI tools support these authentication options even though they are supported in the MongoDB drivers. Test the features you want to use to confirm they work with your specific BI tool.
Deployment Compatibility Matrix
The following table shows which authentication mechanisms are available for each MongoDB deployment type:
Authentication Mechanism | Atlas | |
|---|---|---|
SCRAM | Yes | Yes |
X.509 | Yes | Yes |
LDAP | No | Yes |
Kerberos (GSSAPI) | No | Yes |
AWS IAM | Yes | No |
OIDC | Yes | Yes |
Important
Starting in MongoDB 8.0, LDAP authentication and authorization is deprecated. LDAP is available and will continue to operate without changes throughout MongoDB 8, but will be removed in a future major release. Consider migrating to OIDC or another supported authentication mechanism. For more information, see LDAP Deprecation.
Security Considerations
When configuring authentication for the SQL Interface, consider the following security best practices:
Use strong authentication mechanisms: Prefer X.509, OIDC, or Kerberos over password-based authentication when possible.
Enable TLS encryption: Always use TLS to protect credentials and data in transit.
Follow the principle of least privilege: Grant users only the minimum permissions required for their tasks.
Secure credential storage: Never hardcode credentials in connection strings. Use environment variables, credential files, or secure credential management systems.
Regular credential rotation: Implement regular rotation of passwords and certificates.
Monitor authentication events: Enable audit logging to track authentication attempts and failures.