Authentication
Authentication is the process of verifying the identity of a client. When access control, i.e. authorization, is enabled, MongoDB requires all clients to authenticate themselves in order to determine their access.
Although authentication and authorization are closely connected, authentication is distinct from authorization. Authentication verifies the identity of a user; authorization determines the verified user’s access to resources and operations.
Authentication Methods
To authenticate a user, MongoDB provides the db.auth() method.
For the mongo shell and the MongoDB tools, you can also authenticate a user by passing in the user authentication information from the command line.
Authentication Mechanisms
MongoDB supports a number of authentication mechanisms that clients can use to verify their identity. These mechanisms allow MongoDB to integrate into your existing authentication system.
MongoDB supports multiple authentication mechanisms:
MongoDB Challenge and Response (MONGODB-CR)
Changed in version 3.0: New challenge-response users created in 3.0 will use SCRAM-SHA-1. If using 2.6 user data, MongoDB 3.0 will continue to use MONGODB-CR.
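One way to find users that still carry only MONGODB-CR credentials after 2.6 user data is brought into 3.0, as an added example that is not part of the MongoDB documentation. It assumes user documents shaped like those in admin.system.users, with a credentials sub-document keyed by mechanism name; the function name auditCredentials and the sample users are constructed for illustration.

```javascript
// Added example, not MongoDB's own code.
// Assumption: each user document has `user`, `db` and a `credentials`
// sub-document whose keys are mechanism names ("MONGODB-CR", "SCRAM-SHA-1").
// Written in ES5 so it runs in Node.js and in an older mongo shell.
function auditCredentials(users) {
  var report = { legacyOnly: [], scram: [], other: [] };
  users.forEach(function (u) {
    var mechs = Object.keys(u.credentials || {});
    var id = u.db + "." + u.user;
    if (mechs.indexOf("SCRAM-SHA-1") !== -1) {
      // A SCRAM-SHA-1 credential is stored for this user.
      report.scram.push(id);
    } else if (mechs.indexOf("MONGODB-CR") !== -1) {
      // Only the legacy challenge-response credential exists (2.6 user data).
      report.legacyOnly.push(id);
    } else {
      // No password credential stored here (missing or another mechanism).
      report.other.push(id);
    }
  });
  return report;
}

// Constructed sample documents; credential values are placeholders.
var sampleUsers = [
  { user: "appLegacy", db: "sales",
    credentials: { "MONGODB-CR": "<placeholder-hash>" } },
  { user: "appNew", db: "sales",
    credentials: { "SCRAM-SHA-1": { iterationCount: 10000,
      salt: "<placeholder>", storedKey: "<placeholder>",
      serverKey: "<placeholder>" } } },
  { user: "noCreds", db: "admin" }
];

// In the mongo shell, the input could instead come from:
//   db.getSiblingDB("admin").system.users.find().toArray()
var report = auditCredentials(sampleUsers);
console.log(JSON.stringify(report, null, 2));
```

Users listed under legacyOnly are the ones that, per the note above, continue to authenticate with MONGODB-CR.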
In addition to supporting the aforementioned mechanisms, MongoDB Enterprise also supports the following mechanisms:
Internal Authentication
In addition to verifying the identity of a client, MongoDB can require members of replica sets and sharded clusters to authenticate their membership to their respective replica set or sharded cluster. See Internal Authentication for more information.
Authentication on Sharded Clusters
In sharded clusters, clients generally authenticate directly to the mongos instances. However, some maintenance operations may require authenticating directly to a specific shard. For more information on authentication and sharded clusters, see Sharded Cluster Users.