Navigation

Enable Username and Password Authentication for your Cloud Manager Group

Overview

Cloud Manager enables you to configure the Authentication Mechanisms that all clients, including the Cloud Manager Agents, use to connect to your MongoDB deployments. You can enable multiple authentication mechanisms for each of your groups, but you must choose only one mechanism for the Agents.

MongoDB users can use usernames and passwords to authenticate themselves against a MongoDB database.

MongoDB Version Default authentication mechanism
MongoDB 3.0 and later Salted Challenge Response Authentication Mechanism using the SHA-1 hashing algorithm (SCRAM-SHA-1).
MongoDB 2.8 and earlier MongoDB Challenge and Response (MONGODB-CR).

SCRAM-SHA-1

SCRAM-SHA-1 is an IETF standard, RFC 5802, that defines best practice methods for implementation of challenge-response mechanisms for authenticating users with passwords.

SCRAM-SHA-1 verifies supplied user credentials against the user’s name, password and database. The user’s database is the database where the user was created, and the user’s database and the user’s name together serve to identify the user.

MONGODB-CR

MONGODB-CR is a challenge-response mechanism that authenticates users with passwords.

MONGODB-CR verifies supplied user credentials against the user’s name, password and database. The user’s database is the database where the user was created. The user’s database and name together serve to identify the user.

Considerations

This tutorial describes how to enable Username and Password authentication for your Cloud Manager MongoDB deployment.

Note

The MongoDB Community version supports Username and Password authentication and x.509 authentication.

Note

If Cloud Manager is not managing any MongoDB deployment, you can reset Authentication and SSL settings for your group.

To remove all authentication and security settings as well as the users and roles you created using Cloud Manager, click Clear Settings in the Authentication & SSL Settings dialog box .

See Clear Security Settings for more information.

To unmanage MongoDB deployments, see Remove a Process from Management or Monitoring.

Procedure

This procedure describes how to configure and enable username and password authentication when using Automation. If your Monitoring or Backup agents are not managed by Cloud Manager, you must manually configure them to use Usernames and Passwords. See: Configure Monitoring Agent for MONGODB-CR and Configure Backup Agent for MONGODB-CR for instructions.

1
2

Check Username/Password (MONGODB-CR/SCRAM-SHA-1), then click Next.

3

Configure SSL if desired.

  1. Toggle the Enable SSL slider to Yes.
  2. Click Next

Note

See Enable SSL for a Deployment for SSL setup instructions.

SSL is not required for use with Username/Password (MONGODB-CR/SCRAM-SHA-1) authentication.

4

Configure Username/Password (MONGODB-CR/SCRAM-SHA-1) for the Agents.

You can enable more than one authentication mechanism for your MongoDB deployment, but the Cloud Manager Agents can only use one authentication mechanism. Select Username/Password (MONGODB-CR/SCRAM-SHA-1) to connect to your MongoDB deployment.

  1. Select Username/Password (MONGODB-CR/SCRAM-SHA-1) from the Agent Auth Mechanism drop-down menu.

    Cloud Manager automatically generates the Agents’ usernames and passwords.

    Cloud Manager creates users for the agents with the required user roles in the admin database for each existing deployment in Cloud Manager. When you add a new deployment, Cloud Manager creates the required users in the new deployment.

  2. Click Save.

5

Click Review & Deploy to review your changes.

6

Review and approve your changes.

Cloud Manager displays your proposed changes.

  1. If you are satisfied, click Confirm & Deploy.
  2. Otherwise, click Cancel and you can make additional changes.
7

Create MongoDB Roles for LDAP Groups. (Optional)

After enabling LDAP Authorization, you need to create custom MongoDB roles for each LDAP Group you specified for LDAP Authorization.