Connections Manager 
Import Wizard 
Collections Tab 
Visual Query Builder 
SQL Query 
SQL Connection Manager 
Team Sharing 
LDAP/ Kerberos
Export Wizard .svg){kind=icon}
SQL to MongoDB.svg){kind=icon}
MongoDB to SQL
Data Compare & Sync 
Task Scheduler 
Intellishell 
Schema Explorer 
AI Helper 
Aggregration Editor 
Query Code 
Query Profiler 
Index Manager 
Visual Explain 
Reschema 
Users and Roles Manager 
Data Masking 
If you have a MongoDB Enterprise license, you can take advantage of the authentication methods supported by the MongoDB Enterprise Server: LDAP, OIDC, and Kerberos. This article provides a brief overview of each protocol and where you can find information about how they are supported in MongoDB.
Starting with MongoDB 8.0, LDAP authentication is deprecated and will be removed in a future release.
What is LDAP?
LDAP (Lightweight Directory Access Protocol) is a protocol used to access directory servers for authenticating and authorizing users.
If you’re using databases which support the protocol like MongoDB, think of LDAP as the layer that sits on top of them, enabling you to centrally authenticate and authorize users by running LDAP-specific queries. No complex cryptography, just straightforward lookups.
LDAP authentication in MongoDB
MongoDB Enterprise queries the LDAP server to find the LDAP groups for the authenticated user and authorizes the user based on their roles and privileges. You can find a summary of how MongoDB Enterprise Server supports LDAP authorization in the MongoDB documentation.
What is OIDC?
OpenID Connect (OIDC) is a secure authentication protocol that enables user authentication and identity verification using trusted identity providers, such as Microsoft Entra ID and Okta. OIDC supports Single Sign-On (SSO), facilitating centralized identity and access management.
OIDC authentication in MongoDB
You can find a detailed description of how authentication using OIDC works in our knowledge base article, including links to the MongoDB documentation.
What is Kerberos?
Kerberos is a protocol that uses strong key cryptography for authentication in large client-server systems, unlike LDAP which checks for key-value pairs like username-password to authenticate users.
Each client or local machine lives within a “realm” – think of it as the scope of assets or services it’s allowed to access. The realm holds a secret key which serves as proof of identity whenever it sends a request to what’s called the Key Distribution Center (KDC). The authentication server within the KDC takes this secret key to request an access-granting “ticket” from the ticket-granting server, also within the KDC. The ticket is granted only after a series of successful mutual authentication between the client and the KDC, which then gives the user access to the requested service.
Kerberos authentication in MongoDB
MongoDB Enterprise provides support for Kerberos authentication of MongoDB clients. You can find a summary of how MongoDB Enterprise Server supports Kerberos authentication in the MongoDB documentation, including the full list of compatible MongoDB drivers and information about Linux and Windows configurations.
Certified for MongoDB Enterprise
Studio 3T is a certified MongoDB Enterprise partner. Studio 3T fully integrates with MongoDB Enterprise Server and makes it easy to deploy both LDAP, OIDC, and Kerberos authentication across your organization.
Built especially for teams that deploy MongoDB in enterprises, Studio 3T unlocks a full suite of advanced features. Use data masking to protect sensitive data, generate query code in different languages, use SQL to query MongoDB, and seamlessly migrate from MongoDB to SQL and SQL to MongoDB to create efficient workflows that save time and effort.
This article was originally published by Kathryn Vargas and has since been updated.
