Set Up and Manage Azure Service Principal Access

On this page

  • Overview
  • Required Access
  • Prerequisites
  • Set Up Azure Service Principal Access
  • View Authorized Azure Service Principals
  • View Authorized Azure Service Principal Details
  • Remove Authorized Azure Service Principal

Some Atlas features, such as Data Federation, require access to resources in your Azure Blob Storage environment. To grant access in a secure manner, create or update an Azure Service Principal with an access policy.

To configure customer key management, you must have Project Owner access to the project.

Users with Organization Owner access must add themselves to the project as a Project Owner.

You can set up an Azure service principal with an access policy for your Atlas project from the Atlas Administration API or Atlas UI.

You can use the Azure PowerShell or CLI to set up the Service Principal.

1
  1. If it's not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.

  2. If it's not already displayed, select your desired project from the Projects menu in the navigation bar.

  3. Next to the Projects menu, expand the Options menu, then click Integrations.

    The Project Integrations page displays.

2

Click Configure for Azure.

Atlas displays the Authorize Azure Service Principal page the first time. Subsequently, Atlas displays the Azure Service Principal Access page.

3
  1. Click Authorize Azure Service Principal.

  2. Review the information in the Overview and click Next.

4

The Add Atlas to your Azure Service Principal section displays the AppId to use in the command that creates a new Service Principal for Atlas or adds Atlas to an existing one. You can use either Azure PowerShell or the Azure CLI to create or update the Service Principal. To create a new Service Principal, follow the steps in the Authorize Azure Service Principal window.

Using Azure PowerShell:

  1. In a terminal, log into PowerShell and get the tenant ID using the commands displayed in the UI.

  2. Enter the ID of your Azure Active Directory tenant in the UI text field.

  3. Copy and run the PowerShell command displayed in the UI in your PowerShell to create a new Service Principal for Atlas.

    Atlas automatically uses the AppId displayed in the Add Atlas to your Azure Service Principal section as the value for the -AppId option.

  4. Enter the ID of the service principal that you created.

    The service principal ID is the value of the ObjectId field in your PowerShell command output.

Using the Azure CLI:

  1. Get the ID of your Azure Active Directory tenant using the displayed command and enter the tenant ID returned by the command in the text field in the UI.

  2. Copy and run the displayed command in the Azure CLI to create a new Service Principal for Atlas.

    Atlas automatically uses the AppId displayed in the Add Atlas to your Azure Service Principal section as the value for the --id option.

  3. Enter the ID of the service principal that you created.

    The service principal ID is the value of the id field in the command output.

5

To create an Azure service principal with an access policy for your Atlas project through the API, send POST requests to the cloudProviderAccess endpoint: first with the ID of the project for which you wish to create a service principal, and then with the ID of the project and the service principal for which you set up access. To learn more about the request path and body parameters, see Create One Cloud Provider Access Role and Authorize One Cloud Provider Access Role.

You can view all Azure service principals for your Atlas project from the Atlas Administration API or Atlas UI.

1
  1. If it's not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.

  2. If it's not already displayed, select your desired project from the Projects menu in the navigation bar.

  3. Next to the Projects menu, expand the Options menu, then click Integrations.

    The Project Integrations page displays.

2

The Azure Service Principal Access page displays. The page displays the list of service principals configured for your project. For each service principal, the page displays the following:

| Field Name | Description |
| --- | --- |
| Service Principal | The ID of the service principal. |
| Created Date | The date when you created and associated the service principal with Atlas. |
| Actions | The actions that you can take on the associated service principal. You can do the following: click to remove the service principal authorization for Atlas; click to view service principal details or create a federated database instance. |

To view all the Azure service principals with an access policy for your Atlas project through the API, send a GET request to the cloudProviderAccess endpoint with the ID of the project. To learn more about the syntax and parameters to include in the request, see Return All Cloud Provider Access Roles.

You can view the details of an authorized Azure Service Principal from the Atlas Administration API or Atlas UI.

1
  1. If it's not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.

  2. If it's not already displayed, select your desired project from the Projects menu in the navigation bar.

  3. Next to the Projects menu, expand the Options menu, then click Integrations.

    The Project Integrations page displays.

2

The Azure Service Principal Access page displays. The page displays the list of service principals configured for your project.

3

Atlas displays the Service Principal Details window. You can view and copy the following information about the authorized Service Principal:

| Field Name | Description |
| --- | --- |
| Atlas Azure AppID | The ID of the Atlas Azure application. |
| Tenant ID | The ID of your Azure Active Directory tenant. |
| Service Principal ID | The ID of the service principal. |

4

To view an Azure service principal with an access policy for your Atlas project through the API, send a GET request to the cloudProviderAccess endpoint with the ID of the project. To learn more about the syntax and parameters to include in the request, see Return specified Cloud Provider Access Role.

You can't remove a Service Principal that is currently in use. You can remove unused Azure Service Principals from the Atlas Administration API or Atlas UI.

1
  1. If it's not already displayed, select the organization that contains your desired project from the Organizations menu in the navigation bar.

  2. If it's not already displayed, select your desired project from the Projects menu in the navigation bar.

  3. Next to the Projects menu, expand the Options menu, then click Integrations.

    The Project Integrations page displays.

2

The Azure Service Principal Access page displays. The page displays the list of service principals configured for your project.

3

Atlas displays a confirmation window.

4

To remove an Azure service principal with an access policy for your Atlas project through the API, send a DELETE request to the cloudProviderAccess endpoint with the ID of the project, the name of the cloud provider, and the ID of the service principal that you wish to remove. To learn more about the syntax and parameters to include in the request, see Deauthorize One Cloud Provider Access Role.
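As an added example (not MongoDB's code), the following sketch reviews a saved listing from the GET request to the cloudProviderAccess endpoint and flags service principals that belong to an unexpected tenant, have a malformed ID, or are not in use and are therefore candidates for removal. The JSON field names, the `EXAMPLE_FEATURE` value and the sample data are assumptions constructed for illustration; check them against the Return All Cloud Provider Access Roles reference.

```python
import json
import uuid

# Constructed sample, not real Atlas output. The field names
# (azureServicePrincipals, servicePrincipalId, tenantId, featureUsages) and
# the "EXAMPLE_FEATURE" value are assumptions, not taken from the page.
SAMPLE_LISTING = json.loads("""
{"azureServicePrincipals": [
  {"servicePrincipalId": "11111111-1111-4111-8111-111111111111",
   "tenantId": "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa",
   "featureUsages": [{"featureType": "EXAMPLE_FEATURE"}]},
  {"servicePrincipalId": "22222222-2222-4222-8222-222222222222",
   "tenantId": "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa",
   "featureUsages": []},
  {"servicePrincipalId": "33333333-3333-4333-8333-333333333333",
   "tenantId": "bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb",
   "featureUsages": [{"featureType": "EXAMPLE_FEATURE"}]},
  {"servicePrincipalId": "not-a-guid",
   "tenantId": "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa"}
]}
""")


def is_guid(value):
    """True if value parses as a GUID in canonical 8-4-4-4-12 form."""
    try:
        return str(uuid.UUID(value)) == str(value).lower()
    except (ValueError, AttributeError, TypeError):
        return False


def review_principals(listing, expected_tenant_id):
    """Map each service principal ID to a list of review findings."""
    report = {}
    for sp in listing.get("azureServicePrincipals", []):
        findings = []
        if not is_guid(sp.get("servicePrincipalId")):
            findings.append("malformed-id")
        if str(sp.get("tenantId", "")).lower() != expected_tenant_id.lower():
            findings.append("unexpected-tenant")
        if not sp.get("featureUsages"):
            # Assumption: no recorded feature usage means "not in use",
            # which is the only state in which Atlas allows removal.
            findings.append("unused-removal-candidate")
        report[sp.get("servicePrincipalId")] = findings
    return report
```

An empty findings list means the entry matches the expected tenant and is in use; anything else warrants a look in the Service Principal Details window before you deauthorize it.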
