Note
Starting in MongoDB 8.0, LDAP authentication and authorization is deprecated. LDAP is available and will continue to operate without changes throughout the lifetime of MongoDB 8. LDAP will be removed in a future major release.
For details, see LDAP Deprecation.
Enabling access control on a MongoDB deployment enforces authentication. With access control enabled, users are required to identify themselves and can only perform actions that adhere to the permissions granted by the roles assigned to their user.
You can configure authentication in the UI for deployments hosted in MongoDB Atlas.
Note
You can't disable access control in MongoDB Atlas.
Access Control Resources
If you would like to enable access control for a standalone MongoDB instance, please refer to one of the following resources:
- Use SCRAM to Authenticate Clients on Self-Managed Deployments
- Use X.509 Certificates to Authenticate Clients on Self-Managed Deployments
- Configure Self-Managed MongoDB with Kerberos Authentication on Linux
- Configure Self-Managed MongoDB with Kerberos Authentication on Windows
- Configure Self-Managed MongoDB with Kerberos and Active Directory Authorization
- Authenticate Using Self-Managed SASL and LDAP with ActiveDirectory
- Authenticate Using Self-Managed SASL and LDAP with OpenLDAP
- Configure Users Using Self-Managed Active Directory with Native LDAP
- Authentication and Authorization with OIDC/OAuth 2.0
If you would like to enable access control for a replica set or a sharded cluster, please refer to one of the following resources:
- Deploy Self-Managed Replica Set With Keyfile Authentication
- Update Self-Managed Replica Set to Keyfile Authentication
- Update Self-Managed Replica Set to Keyfile Authentication (No Downtime)
- Deploy Self-Managed Sharded Cluster with Keyfile Authentication
- Update Self-Managed Sharded Cluster to Keyfile Authentication
- Update Self-Managed Sharded Cluster to Keyfile Authentication (No Downtime)
- Configure Self-Managed MongoDB with Kerberos Authentication on Linux
- Configure Self-Managed MongoDB with Kerberos Authentication on Windows
- Configure Self-Managed MongoDB with Kerberos and Active Directory Authorization
- Authenticate Using Self-Managed SASL and LDAP with ActiveDirectory
- Authenticate Using Self-Managed SASL and LDAP with OpenLDAP
- Configure Users Using Self-Managed Active Directory with Native LDAP
Next Steps
To create additional users, see Create a User on Self-Managed Deployments.
To manage users, assign roles, and create custom roles, see Manage Users and Roles on Self-Managed Deployments.