MongoDB

Starting March 26, 2025, MongoDB will begin rolling out mandatory multi-factor authentication (MFA) for MongoDB Atlas users.

Atlas will enable the email one-time password (OTP) feature for users who have not yet configured MFA. Upon login, these users must complete an email OTP verification and will subsequently be encouraged to set up a second MFA option as part of the ongoing MFA setup process. This approach allows users to explore additional MFA options, including those resistant to phishing.

Atlas supports the following MFA methods:

Security key or biometrics: FIDO2 (WebAuthn) compliant security keys such as <a href="https://www.yubico.com/products/how-the-yubikey-works/" target="_blank" rel="nofollow noopener noreferrer">YubiKey</a>, or biometric authentication methods like Apple Touch ID or Windows Hello.

One-time password (OTP) and push notifications: Provided through the <a href="https://help.okta.com/en-us/content/topics/mobile/okta-verify-overview.htm" target="_blank" rel="nofollow noopener noreferrer">Okta Verify app</a>.

Authenticator apps: Applications like <a href="https://authy.com/" target="_blank" rel="nofollow noopener noreferrer">Twilio Authy</a>, <a href="https://support.google.com/accounts/answer/1066447" target="_blank" rel="nofollow noopener noreferrer">Google Authenticator</a>, or <a href="https://www.microsoft.com/en-us/security/mobile-authenticator-app" target="_blank" rel="nofollow noopener noreferrer">Microsoft Authenticator</a> can be used for generating time-based OTPs.

- Security key or biometrics: FIDO2 (WebAuthn) compliant security keys such as <a href="https://www.yubico.com/products/how-the-yubikey-works/" target="_blank" rel="nofollow noopener noreferrer">YubiKey</a>, or biometric authentication methods like Apple Touch ID or Windows Hello.
- One-time password (OTP) and push notifications: Provided through the <a href="https://help.okta.com/en-us/content/topics/mobile/okta-verify-overview.htm" target="_blank" rel="nofollow noopener noreferrer">Okta Verify app</a>.
- Authenticator apps: Applications like <a href="https://authy.com/" target="_blank" rel="nofollow noopener noreferrer">Twilio Authy</a>, <a href="https://support.google.com/accounts/answer/1066447" target="_blank" rel="nofollow noopener noreferrer">Google Authenticator</a>, or <a href="https://www.microsoft.com/en-us/security/mobile-authenticator-app" target="_blank" rel="nofollow noopener noreferrer">Microsoft Authenticator</a> can be used for generating time-based OTPs.
- Email: Used for generating OTPs.

Note: MongoDB encourages users to choose phishing-resistant MFA methods, such as security keys or biometrics.

MFA will be a prerequisite for all users when logging into MongoDB services using Atlas credentials. These services include:

<a href="https://account.mongodb.com/account/login?signedOut=true&amp;n=https%3A%2F%2Fcloud.mongodb.com%2Fv2" target="_blank" rel="nofollow noopener noreferrer">MongoDB Atlas user interface</a>

<a href="https://support.mongodb.com/" target="_blank" rel="nofollow noopener noreferrer">MongoDB Support portal</a>

<a href="https://learn.mongodb.com/" target="_blank" rel="nofollow noopener noreferrer">MongoDB University</a>

<a href="https://www.mongodb.com/community/forums/" target="_blank" rel="nofollow noopener noreferrer">MongoDB Forums</a>

- <a href="https://account.mongodb.com/account/login?signedOut=true&amp;n=https%3A%2F%2Fcloud.mongodb.com%2Fv2" target="_blank" rel="nofollow noopener noreferrer">MongoDB Atlas user interface</a>
- <a href="https://support.mongodb.com/" target="_blank" rel="nofollow noopener noreferrer">MongoDB Support portal</a>
- <a href="https://learn.mongodb.com/" target="_blank" rel="nofollow noopener noreferrer">MongoDB University</a>
- <a href="https://www.mongodb.com/community/forums/" target="_blank" rel="nofollow noopener noreferrer">MongoDB Forums</a>

Multi-factor authentication protects users from credential-based attacks and unauthorized access. Making MFA’s additional layer of authentication mandatory ensures greater account security. This safeguards mission-critical applications and data.

Users will no longer be able to remove the last MFA factor from their user profile.

Newly registered users will not face an MFA challenge during account activation, which occurs after they verify their email. Once their session is active, Atlas will set email OTP as the default MFA method. These users will be required to complete an email OTP MFA challenge the next time they attempt to log in.

Users with no MFA factor will be challenged with email OTP if they log in through a bypass SSO URL or if they switch from social login to Atlas credentials by using password reset flow.

Users will have the option to choose "Remember this device." If they select this option, they will not be required to complete the MFA challenge again for 15 days when using the same device and browser.

- Users will no longer be able to remove the last MFA factor from their user profile.
- Newly registered users will not face an MFA challenge during account activation, which occurs after they verify their email. Once their session is active, Atlas will set email OTP as the default MFA method. These users will be required to complete an email OTP MFA challenge the next time they attempt to log in.
- Users with no MFA factor will be challenged with email OTP if they log in through a bypass SSO URL or if they switch from social login to Atlas credentials by using password reset flow.
- Users will have the option to choose "Remember this device." If they select this option, they will not be required to complete the MFA challenge again for 15 days when using the same device and browser.

Detailed instructions on how to setup MFA: <a href="https://www.mongodb.com/docs/atlas/security-multi-factor-authentication/#enable-multi-factor-authentication" target="_blank" rel="nofollow noopener noreferrer">Atlas Enable Multi-Factor Authentication</a> documentation

<a href="https://www.mongodb.com/blog/post/secure-by-default-mandatory-mfa-in-mongodb-atlas" target="_blank" rel="nofollow noopener noreferrer">Secure by Default: Mandatory MFA in MongoDB Atlas</a> blog post

<a href="https://www.mongodb.com/products/capabilities/security" target="_blank" rel="nofollow noopener noreferrer">MongoDB Security</a> webpage

<a href="https://www.mongodb.com/products/platform/trust" target="_blank" rel="nofollow noopener noreferrer">MongoDB Trust Center</a>

- Detailed instructions on how to setup MFA: <a href="https://www.mongodb.com/docs/atlas/security-multi-factor-authentication/#enable-multi-factor-authentication" target="_blank" rel="nofollow noopener noreferrer">Atlas Enable Multi-Factor Authentication</a> documentation
- <a href="https://www.mongodb.com/blog/post/secure-by-default-mandatory-mfa-in-mongodb-atlas" target="_blank" rel="nofollow noopener noreferrer">Secure by Default: Mandatory MFA in MongoDB Atlas</a> blog post
- <a href="https://www.mongodb.com/products/capabilities/security" target="_blank" rel="nofollow noopener noreferrer">MongoDB Security</a> webpage
- <a href="https://www.mongodb.com/products/platform/trust" target="_blank" rel="nofollow noopener noreferrer">MongoDB Trust Center</a>

Why is Atlas requiring a verification code on login, and why do I need to set up MFA?

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Why is Atlas requiring a verification code on login, and why do I need to set up MFA?

Answer

Additional information

Relevant resources