Docs Menu

Docs HomeMongoDB Manual


On this page

  • Authentication Methods
  • Compatibility
  • Getting Started
  • Authentication Mechanisms
  • Internal Authentication
  • Authentication on Sharded Clusters

Authentication is the process of verifying the identity of a client. When access control, i.e. authorization, is enabled, MongoDB requires all clients to authenticate themselves in order to determine their access.

Although authentication and authorization are closely connected, authentication is distinct from authorization. Authentication verifies the identity of a user; authorization determines the verified user's access to resources and operations.

To authenticate as a user, you must provide a username, password, and the authentication database associated with that user.

To authenticate using the mongo shell, either:

  • Use the mongo command-line authentication options (--username, --password, and --authenticationDatabase) when connecting to the mongod or mongos instance, or

  • Connect first to the mongod or mongos instance, and then run the authenticate command or the db.auth() method against the authentication database.


    Authenticating multiple times as different users does not drop the credentials of previously-authenticated users. This may lead to a connection having more permissions than intended by the user, and causes operations within a logical session to raise an error.

For examples of authenticating using a MongoDB driver, see the driver documentation.

You can use authentication for deployments hosted in the following environments:

  • MongoDB Atlas: The fully managed service for MongoDB deployments in the cloud

To learn more about authenticating for deployments hosted in MongoDB Atlas, see Atlas UI Authentication.

To get started using access control, follow these tutorials:

MongoDB supports a number of authentication mechanisms that clients can use to verify their identity. These mechanisms allow MongoDB to integrate into your existing authentication system.

MongoDB supports multiple authentication mechanisms:

In addition to supporting the aforementioned mechanisms, MongoDB Enterprise also supports the following mechanisms:

In addition to verifying the identity of a client, MongoDB can require members of replica sets and sharded clusters to authenticate their membership to their respective replica set or sharded cluster. See Internal/Membership Authentication for more information.

In sharded clusters, clients generally authenticate directly to the mongos instances. However, some maintenance operations may require authenticating directly to a specific shard. For more information on authentication and sharded clusters, see Sharded Cluster Users.

←  Enable Access ControlUsers →
Share Feedback
© 2023 MongoDB, Inc.


  • Careers
  • Investor Relations
  • Legal Notices
  • Privacy Notices
  • Security Information
  • Trust Center
© 2023 MongoDB, Inc.