MongoDB offers built-in security controls for all your data – with databases managed in a customer environment or MongoDB Atlas, a fully managed cloud service. MongoDB enables enterprise-grade security features and simplifies deploying and managing your databases.

Authenticate to Atlas UI with your Atlas credentials or single sign-on with your GitHub or Google accounts. Atlas also supports multi-factor authentication (MFA) with various options, including OTP authenticators, push notifications, FIDO2 (hardware security keys or biometrics), SMS, and e-mail.

Authenticate to MongoDB database using mechanisms including SCRAM, x.509 certificates, LDAP, OIDC, and passwordless authentication with AWS-IAM.

Atlas provides Role-Based Access Control (RBAC) to manage all cloud resources, including MongoDB deployments. In Atlas, a user can be granted one or more roles that determine the user's access privilege to an Atlas Organization and a Project. A user can also be granted fine-grained database roles for database operations. With identity federation, you can manage access to Atlas via your identity provider groups and Atlas roles using group-role mappings.

MongoDB database has an extensive RBAC for performing specific actions on database(s) and collection(s).

MongoDB offers granular auditing that monitors actions in your MongoDB environment and is designed to prevent and detect any unauthorized access to data, including create, read, update, and delete (CRUD) operations, encryption key management, authentication, and role-based access controls, replication, and sharding cluster operations.

MongoDB data encryption offers robust features to protect your data while in-transit (network), at-rest (storage), and in-use (memory, logs). Customers can use automatic encryption of key data fields like PII, PHI, or any data deemed sensitive — ensuring data is encrypted throughout its lifecycle.

Atlas offers many options to securely access your data with dedicated clusters deployed in a unique Virtual Private Cloud (VPC) to isolate your data and prevent inbound network access from the internet.

Allow just a one-way connection from your AWS, Azure, or Google Cloud VPC/VNet to Atlas Clusters via Private Endpoints. You can enable peering between your MongoDB Atlas VPC or VNet to your own dedicated application tier virtual private network with the cloud provider of your choice or enable only specific network segments to connect to your Atlas clusters via IP Access list.

Atlas databases are available in 125+ regions across AWS, Google Cloud, and Azure. Store your data across any of the regions. Take advantage of multi-cloud and multi-region deployments, allowing you to target the providers and regions that best serve your users. Zoned sharding is available to Atlas customers as part of the fully managed cloud service to support location-aware storage and database operations for globally distributed application instances and clients.