[COMPASS-6587] Investigate changes in PM-2257: OpenID Connect (OIDC) Authentication Support
Created: 06/Mar/23  Updated: 02/May/23  Resolved: 02/May/23

Status: Closed
Project: Compass
Component/s: None
Affects Version/s: None
Fix Version/s: No version

Type: Investigation
Priority: Major - P3
Reporter: Backlog - Core Eng Program Management Team
Assignee: Unassigned
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Epic Link: COMPASS-5987
Documentation Changes: Not Needed

 Description   
Original Downstream Change Summary

For Cloud: Add support for OIDC authentication on Cloud and Ops Manager (see CLOUD-128564). Add support for OIDC configuration in Atlas (see CLOUD-128394).

For Drivers: Implement client-side support for the MONGODB-OIDC SASL mechanism across all drivers (see DRIVERS-2415). MONGODB-OIDC will work either as a single-step mechanism that simply passes a token into the server or a two-step protocol that uses the server's provided OIDC metadata to acquire a token and then propagate that in the second step.

For DBX: Implement support in the mongosh shell and Compass for authenticating to the server via MONGODB-OIDC (see MONGOSH-1271).

For Docs: Document OIDC workflows with a focus on single IDP configurations as described in the design document.

Description of Linked Ticket

Epic Summary

Summary

Add OpenID Connect (OIDC) as an authentication mechanism

Motivation

Several customers have asked if they can use single sign-on to log in to Atlas clusters. Currently, the only mechanism available is AWS-IAM, which they can then tie to their own identity provider. However, this mechanism is AWS-specific. Customers are looking for 1) their Atlas users to also be able to log in to the database without creating database-specific credentials, and 2) native support for Azure and GCP IAM for the database. This project is a stepping stone towards achieving these goals.

Competition reference (CockroachDB): https://www.cockroachlabs.com/docs/v20.2/sso

Cast of Characters

  • Product Owner: Fuat Ertunc
  • Project Lead: Spencer Jackson
  • Program Manager: Elizabeth Roytburd
  • Drivers Contact: Steve Silvester

Documentation

Scope Document
Technical Design Document
Product Description
Docs Update



 Comments   
Comment by Anna Henningsen [ 02/May/23 ]

Handled by the respective projects (MONGOSH-1271 et al)

Generated at Wed Feb 07 22:43:41 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.