MongoDB Academy · Lesson

Authentication Mechanisms: SCRAM and x.509

Learners will enable SCRAM-SHA-256 authentication, create database users, and configure x.509 certificate-based authentication for internal cluster auth.

Why Authentication Is Critical

By default, a freshly installed MongoDB instance listens on 0.0.0.0:27017 with no authentication required. Countless real-world breaches have resulted from developers leaving MongoDB exposed to the internet without auth enabled. Production deployments must always enable authentication so that only credentialed users and services can connect. MongoDB supports multiple authentication mechanisms — the two most important are SCRAM and x.509 certificates.

Enabling Authentication in mongod

Authentication is enabled by adding security.authorization: enabled to the mongod.conf configuration file (or passing --auth on the command line). Once enabled, every connection attempt must supply valid credentials. Before enabling auth on an existing deployment, always create an admin user first — otherwise you will lock yourself out.

# mongod.conf snippet
security:
  authorization: enabled

# Or start mongod with --auth flag
# mongod --auth --dbpath /data/db
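
The following pre-deployment check is an added example, not part of the original lesson or MongoDB's own tooling. It audits a block-style YAML mongod.conf for the setting shown above and for a bind to 0.0.0.0; the function name `check_mongod_conf` is hypothetical, and `net.bindIpAll` is a real mongod option that this lesson does not cover.

```shell
#!/bin/sh
# Added example: audit a mongod.conf for the settings discussed in this lesson.
# Prints one finding per line; exit status is 0 only when authorization is enabled.
check_mongod_conf() {
    awk '
    { sub(/[[:space:]]*#.*$/, "") }        # strip comments: a commented-out setting is not a setting
    /^[[:space:]]*$/ { next }              # skip blank lines
    /^[^[:space:]]/ {                      # unindented key opens a new top-level section
        section = $0; sub(/:.*$/, "", section); next
    }
    {
        key = $0; sub(/^[[:space:]]+/, "", key)
        val = key
        sub(/:.*$/, "", key)               # text before the first colon is the key
        sub(/^[^:]*:/, "", val); gsub(/[[:space:]"]/, "", val)
        if (section == "security" && key == "authorization") auth = val
        if (section == "net" && key == "bindIp" && val ~ /(^|,)0\.0\.0\.0(,|$)/) open = 1
        if (section == "net" && key == "bindIpAll" && val == "true") open = 1
    }
    END {
        if (open) print "WARN: net section binds to all interfaces"
        if (auth == "enabled") { print "OK: security.authorization is enabled"; exit 0 }
        print "FAIL: security.authorization is not enabled"
        exit 1
    }' "$1"
}

# Constructed sample: authorization present but commented out, bound to 0.0.0.0.
sample=$(mktemp)
cat > "$sample" <<'EOF'
net:
  port: 27017
  bindIp: 0.0.0.0
security:
#  authorization: enabled
EOF
check_mongod_conf "$sample" || echo "check failed with status $?"
rm -f "$sample"
```

The check reads only the config file, so a mongod started with --auth on the command line and no security section in the file is reported as FAIL.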
