Docs Home → Develop Applications → MongoDB Manual

OpenID Connect Authentication

On this page

Behavior

Get Started
Details
Learn More

OpenID Connect is currently available in Public Preview and is only supported on Linux binaries.

MongoDB Enterprise supports OpenID Connect authentication. OpenID Connect is an authentication layer built on top of OAuth2. You can use OpenID Connect to configure single sign-on between your MongoDB database and a third-party identity provider.

Behavior

To authenticate using OpenID Connect, enable the MONGODB-OIDC authentication mechanism.
OpenID Connect uses access tokens to provide identity information. The access tokens are encoded as JSON Web Tokens (JWT). They contain information about user identities and authorization rights.
MongoDB currently supports the use of Microsoft Azure AD and Okta as third-party identity providers.

Get Started

Configure MongoDB with OpenID Connect

Details

The OpenID Connect authentication process with MongoDB is summarized below:

Configure your MongoDB server with OpenID Connect. The configuration includes information from your identity provider, such as client ID, authorization endpoints, and token endpoints. For more details, see Configure MongoDB with OpenID Connect.
The client application (for example mongosh or MongoDB Compass) contacts the identity provider's authorization endpoint. You are redirected to your identity provider's login screen. Provide your credentials to complete authentication.
The client application receives an access token from the identity provider.
The MongoDB server uses the access token provided from the client application to finalize authentication. The access token contains information such as user identity and authorization rights.

Learn More

← Authenticate and Authorize Users Using Active Directory via Native LDAP

Configure MongoDB with OpenID Connect →