Join us Sept 17 at .local NYC! Use code WEB50 to save 50% on tickets. Learn more >
MongoDB Jokes
Docs Menu
Docs Home
/ /

Manage Programmatic Access to an Organization

Use the following procedures to manage programmatic access to an organization. To learn more, see Grant Programmatic Access to an Organization.

Important

We recommend you use Service Accounts instead of API keys for API authentication.

To perform any of the following actions, you must have Organization Owner access to Atlas.

You can view the details of all service accounts or API keys that have access to your organization.

1
  1. If it's not already displayed, select your desired organization from the Organizations menu in the navigation bar.

  2. Click the Identity & Access Management icon in the navigation bar.

  3. Click Organization Access.

The Organization Access Manager page displays.

2
3

All the service accounts with access to your organization are listed.

Click the name of a service account to view its details, including:

  • The obfuscated client secret for the service account

  • The date the client secret was last used

  • The date the client secret was created

  • The IP addresses from which the service account can access the API

  • The roles the service account has been assigned

You can view a list of API keys, the details of an API key, or the access list for an API key in an organization using the Atlas CLI.

To list all API keys in an organization using the Atlas CLI, run the following command:

atlas organizations apiKeys list [options]

To return the details for an API key in an organization using the Atlas CLI, run the following command:

atlas organizations apiKeys describe <ID> [options]

To learn more about the syntax and parameters for the previous commands, see the Atlas CLI documentation for atlas organizations apiKeys list and atlas organizations apiKeys describe.

To list IP access list entries for your API key using the Atlas CLI, run the following command:

atlas organizations apiKeys accessLists list <apiKeyID> [options]

To learn more about the command syntax and parameters, see the Atlas CLI documentation for atlas organizations apiKeys accessLists list.

To view the details of an API key in an organization using the Atlas UI:

1
  1. If it's not already displayed, select your desired organization from the Organizations menu in the navigation bar.

  2. Click the Identity & Access Management icon in the navigation bar.

  3. Click Organization Access.

The Organization Access Manager page displays.

2
3
4
  1. Click to the right of the API Key.

  2. Click View Details.

The <Public Key> API Key Details modal displays:

  • The obfuscated Private Key

  • The date the Key was last used

  • The date the Key was created

  • The IP addresses from which the Key can access the API

  • The projects to which the Key has been granted access

You can change the roles, name, description, or access list for a service account in an organization using the Atlas UI. You can also generate a new client secret.

1
  1. If it's not already displayed, select your desired organization from the Organizations menu in the navigation bar.

  2. Click the Identity & Access Management icon in the navigation bar.

  3. Click Organization Access.

The Organization Access Manager page displays.

2
3
4
5

To modify the Name or Description, click .

6
  1. Click Generate New Client Secret

  2. Choose a duration for the client secret from the menu. The client secret expires after this duration.

  3. Click Generate New.

  4. Click Copy and save the client secret to a secure location. This is the only time you can view the full client secret.

7
  1. Click Edit Permissions.

  2. From the Organization Permissions menu, select the new role or roles for the service account.

  3. Click Save and next.

    Important

    The service account credentials remain active until they expire or are revoked.

8
  1. To add an IP address or CIDR block from which you want Atlas to accept API requests for this service account, click Add Access List Entry and type an IP address.

    You can also click Use Current IP Address if the host you are using to access Atlas also will make API requests using this service account.

  2. To remove an IP address from the access list, click to the right of the IP address.

  3. Click Save.

You can change the roles or access list for an API key in an organization using the Atlas CLI.

To update an API key in an organization using the Atlas CLI, run the following command:

atlas organizations apiKeys assign <apiKeyId> [options]

To learn more about the command syntax and parameters, see the Atlas CLI documentation for atlas organizations apiKeys assign.

To create an IP access list entry for your API key using the Atlas CLI, run the following command:

atlas organizations apiKeys accessLists create [options]

To learn more about the command syntax and parameters, see the Atlas CLI documentation for atlas organizations apiKeys accessLists create.

To delete an IP access list entry for your API key using the Atlas CLI, run the following command:

atlas organizations apiKeys accessLists delete <entry> [options]

To learn more about the command syntax and parameters, see the Atlas CLI documentation for atlas organizations apiKeys accessLists delete.

You can change the roles, description, or access list for an API Key in an organization using the Atlas UI.

1
  1. If it's not already displayed, select your desired organization from the Organizations menu in the navigation bar.

  2. Click the Identity & Access Management icon in the navigation bar.

  3. Click Organization Access.

The Organization Access Manager page displays.

2
3
4
5

On the Add API Key page:

  1. Modify the Description.

  2. In the Organization Permissions menu, select the new role or roles for the API key.

6
7
  1. To add an IP address or CIDR block from which you want Atlas to accept API requests for this API Key, click Add Access list Entry and type an IP address.

    You can also click Use Current IP Address if the host you are using to access Atlas also will make API requests using this API Key.

  2. To remove an IP address from the access list, click to the right of the IP address.

  3. Click Save.

8
1
  1. If it's not already displayed, select your desired organization from the Organizations menu in the navigation bar.

  2. Click the Identity & Access Management icon in the navigation bar.

  3. Click Organization Access.

The Organization Access Manager page displays.

2
3
4
  1. Click the icon under Actions to the right of the service account you want to delete.

  2. Click Delete.

Deleting a service account from an organization also removes it from from any projects to which the service account was granted access.

You can use the Atlas Administration API to:

To delete an API key from an organization using the Atlas CLI, run the following command:

atlas organizations apiKeys delete <ID> [options]

To learn more about the command syntax and parameters, see the Atlas CLI documentation for atlas organizations apiKeys delete.

To delete an access list entry for an API key in an organization, see Update Programmatic Access to an Organization.

1
  1. If it's not already displayed, select your desired organization from the Organizations menu in the navigation bar.

  2. Click the Identity & Access Management icon in the navigation bar.

  3. Click Organization Access.

The Organization Access Manager page displays.

2
3
4
5

Removing an API Key from an Organization also removes that key from any projects to which the key was granted access.

Back

Get Started

On this page