[COMPASS-6587] Investigate changes in PM-2257: OpenID Connect (OIDC) Authentication Support

Created: 06/Mar/23 | Updated: 02/May/23 | Resolved: 02/May/23

| Status: | Closed |
| Project: | Compass |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | No version |
| Type: | Investigation | Priority: | Major - P3 |
| Reporter: | Backlog - Core Eng Program Management Team | Assignee: | Unassigned |
| Resolution: | Done | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | |
| Epic Link: | COMPASS-5987 |
| Documentation Changes: | Not Needed |

Description
Original Downstream Change Summary

For Cloud: Add support for OIDC authentication on Cloud and Ops Manager (see CLOUD-128564). Add support for OIDC configuration in Atlas (see CLOUD-128394).

For Drivers: Implement client-side support for the MONGODB-OIDC SASL mechanism across all drivers (see DRIVERS-2415). MONGODB-OIDC will work either as a single-step mechanism that simply passes a token into the server or a two-step protocol that uses the server's provided OIDC metadata to acquire a token and then propagate that in the second step.

For DBX: Implement support in the mongosh shell and Compass for authenticating to the server via MONGODB-OIDC (see MONGOSH-1271).

For Docs: Document OIDC workflows with a focus on single IDP configurations as described in the design document.

Description of Linked Ticket

Epic Summary

Summary

Add OpenID Connect (OIDC) as authentication mechanism

Motivation

Several customers have asked if they can use single sign-on to log in to Atlas clusters. Currently, the only mechanism available is AWS-IAM, which they can then tie to their own identity provider. However, this mechanism is AWS-specific. Customers are looking for 1) their Atlas users to also log in to the database without creating database-specific credentials 2) provide native support for Azure and GCP IAM for the database. This project is a stepping stone towards achieving these goals.

Competition reference (CockroachDB): https://www.cockroachlabs.com/docs/v20.2/sso

Cast of Characters

Documentation

Scope Document
Comments

Comment by Anna Henningsen [ 02/May/23 ]

Handled by the respective projects (MONGOSH-1271 et al)