Manage Your Multi-Factor Authentication Options
Important
Multi-factor authentication (MFA) replaces Legacy 2FA. As of May 30, 2024, Legacy 2FA is a retired feature. All users with Legacy 2FA must set up MFA.
Authentication verifies the identity of a user. The process uses either something you have or something you know. You know your password. You have an app that gives you a one-time token. Multi-factor authentication (MFA) uses both.
Considerations
When enabling MFA, Atlas requests two forms of identification: your password and one of the following recommended factors:
Security Key / Biometrics
Okta Verify Mobile App
OTP
Push Notifications
Authenticator App (TOTP)
You can choose any TOTP authenticator app for authentication. We recommend enabling cloud backups when possible to avoid being locked out of your account.
SMS (use with caution)
Email (use with caution)
Set Up Backup Multi-Factor Authentication Methods
Warning
Enable a minimum of two methods so that you can still access your account if you lose access to one method.
While you can set up one, some, or all of the available methods, we strongly recommend that you set up at least two methods. When Atlas requires MFA, it offers you the choice of which method to use. If you have fewer than two methods set up, Atlas prompts you to set up MFA and a backup method at login.
Required Access
To use MFA, an Organization Owner must enable it for their organization. All members of that organization must enable MFA for their accounts. Those members who haven't enabled MFA can't access the organization.
Prerequisites
Install and configure multiple authentication factors.
Install and configure a FIDO2 compatible device (like a YubiKey) or operating system feature (like Windows Hello).
Note
FIDO2 compatibility varies. It depends on your platform and browser. Consult Okta's documentation before choosing this method.
Download an Authenticator App (for example, Google Authenticator or Microsoft Authenticator) to your iOS or Android device.
Verify the email address you used to sign up for your MongoDB account.
Verify that this email address can receive email from the mongodb.com domain.
Verify that your mobile phone account allows SMS messages.
Enable Multi-Factor Authentication
Set up an authentication method.
Choose your preferred authentication method.
Click Set up to the right of your chosen method.
Follow the procedure for your chosen method:
Complete these steps using the Okta Verify mobile app.
Open the Okta Verify app on your mobile device.
Tap the + icon to add an account. The app places this icon in the app's menu bar at the top of the screen.
Scan the bar code displayed in Atlas.
Click Done.
Complete these steps using Atlas and your FIDO2 device.
On the Set up Security Key/Biometric Authenticator page, click Enroll.
Your configured MFA device requests verification of your identity.
Complete these steps using the Authenticator App.
Open the Authenticator App on your mobile device.
Tap the + icon to add an account. The app places this icon in the app's menu bar at the bottom right of the screen.
Tap Scan a QR code.
Scan the bar code displayed in Atlas.
Enter the six-digit verification code into Atlas.
Check your email account for a message titled Verify Your Identity from mongodb-account@mongodb.com. Atlas sent an email message with a six-digit verification code. Open the message to get the code.
Enter this code into Atlas.
Complete these steps in Atlas.
Enter your mobile phone number in the Phone Number text box.
Click Send Code. Atlas sends a text message with a six-digit verification code.
Enter this code into Atlas.
Note
Atlas doesn't require a verification code if you re-enroll a phone number. If you re-enroll a removed phone number, Atlas activates it without a code.
Remove an Authentication Method
To remove a method from your account:
Choose a method to remove.
Click Delete to the right of that method.
To remove a method, Atlas asks you to authenticate again using MFA.