# MongoDB Atlas Integration

The MongoDB Atlas integration enables Sprinto to monitor your database infrastructure and user access for compliance frameworks such as SOC 2 and ISO 27001.

Once connected, Sprinto automatically retrieves organisation, cluster, and user-level data from MongoDB Atlas to:

* Track access across projects and databases
* Monitor configuration and security posture
* Support access reviews and audit readiness

This integration uses the MongoDB Atlas Administration API and authenticates using API keys.

***

### How It Works

Sprinto connects to MongoDB Atlas using API key-based authentication and interacts with the Atlas Administration API to retrieve metadata required for compliance monitoring.

* Sprinto uses the **Atlas Administration API** (`https://cloud.mongodb.com/api/atlas/v2`) to fetch data.
* Authentication is performed using a **Public Key and Private Key pair** (HTTP Digest authentication).
* Sprinto reads organisation-level and project-level information such as users, clusters, and roles.
* The integration is **read-only**, ensuring no changes are made to your MongoDB Atlas environment.

This data is then used to power:

* Access reviews
* User activity tracking
* Compliance checks and controls

***

### Permissions and Data Access

#### Permissions Required

To integrate MongoDB Atlas with Sprinto, ensure:

* **Organisation Role:** Organisation Owner (required to create API keys)
* **API Key Role:** Organisation Read Only

The Organisation Read Only role ensures Sprinto can retrieve necessary data without modifying any resources.

***

#### Data Accessed by Sprinto

Sprinto collects the following metadata:

* Organisations
* Projects and clusters
* Hosts and infrastructure details
* User accounts and roles
* Access groups and permissions

This data is used strictly for compliance monitoring and audit evidence generation.

***

### Prerequisites

Before setting up the integration, ensure the following:

* You have **admin access (Organisation Owner)** in MongoDB Atlas.
* Multi-Factor Authentication (MFA) is enabled for all users.
* You have access to create API keys in the Atlas console.
* Atlas Admin API access is allowed (IP access restrictions configured appropriately).

***

### Setup Instructions

#### Step 1: Navigate to MongoDB Atlas Integration

1. Log in to the Sprinto dashboard.
2. Go to **Settings → Integrations**.
3. In the **All** tab, search for **Mongo Atlas**.
4. Click **Connect**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FvbykQG58CXZKANBiJmKW%2FScreenshot%202026-04-15%20at%2011.58.42.png?alt=media&#x26;token=58b7e257-b56c-4044-ab2d-441037880f5d" alt="" width="563"><figcaption></figcaption></figure>

***

#### Step 2: Review Permissions and Data

1. In the integration drawer, review:
   * Controls and checks automated
   * Permissions required
   * Data accessed by Sprinto
2. Click **Next**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FA9ftI3PdfDrFFwWWsygI%2FScreenshot%202026-04-15%20at%2011.59.22.png?alt=media&#x26;token=419c4537-1461-4048-b484-a333078877c3" alt="" width="375"><figcaption></figcaption></figure>

***

#### Step 3: Generate API Keys in MongoDB Atlas

1. Log in to the [MongoDB Atlas](https://account.mongodb.com/account/login) console.
2. Navigate to your [**Organisation Settings**](https://cloud.mongodb.com/v2#/preferences/organizations).
3. Enable **Multi-Factor Authentication** for all users.
   * If using Google Workspace SSO, MFA may already be enforced.
4. Disable **Require IP Access List for the Atlas Administration API** (if applicable).

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FuSFhELjQlxn4ReJJ4OJu%2Fmongo1.png?alt=media&#x26;token=6377d0b4-42b3-4553-9c55-09bae614f14d" alt="" width="563"><figcaption></figcaption></figure>

***

#### Step 4: Create API Key

1. Go to **Access Manager**.
2. Click **Create API Key**.
3. Provide a description for the key.
4. Assign the role:
   * **Organisation Read Only**
5. Click **Next**.
6. Copy and securely store:
   * Public Key
   * Private Key (shown only once)
7. Click **Done**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FjL2ZGdfSK2IYwZ8EPYew%2Fmongo2.png?alt=media&#x26;token=195d114b-9ab7-49bf-bc92-204594425109" alt="" width="563"><figcaption></figcaption></figure>

***

#### Step 5: Add API Keys in Sprinto

1. Return to Sprinto.
2. Enter:
   * Public Key
   * Private Key
3. Click **Connect Mongo Atlas**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FUcDHAkGdUqBlGRoYhQHO%2FScreenshot%202026-04-15%20at%2012.02.03.png?alt=media&#x26;token=8a37f78f-5a21-4518-887f-453cdb1dcbda" alt="" width="375"><figcaption></figcaption></figure>

***

### Post-Connection Flow

Once the integration is successfully connected:

* Sprinto initiates an **initial data sync automatically**.
* Organisation, user, and cluster data are fetched.
* Compliance checks and controls begin evaluating your setup.
* Access review workflows can be configured using the synced data.

**Note:** It may take up to 24 hours for all data to fully reflect in Sprinto.

***

### Troubleshooting

#### 1. Insufficient Permissions (403 Error)

* Ensure the API key has **Organisation Read Only** role.
* Confirm the user creating the key has **Organisation Owner** access.

#### 2. Authentication Failures (401 Error)

* Verify that the Public and Private keys are correct.
* Regenerate the API key if the private key was lost.

#### 3. API Access Issues

* Ensure Atlas Admin API access is not blocked by IP restrictions.
* Confirm your IP Access List configuration allows API calls.

#### 4. No Data Syncing

* Wait up to 24 hours for initial sync.
* Verify API key permissions and organisation scope.

***

### Additional Notes

* MongoDB Atlas also supports **OAuth (Service Accounts)** for authentication, which provides improved security and automatic token rotation.
* Sprinto currently uses **API key-based authentication** for this integration.
* The integration follows a **read-only access model** and does not modify any resources in your Atlas environment.

***

### Support

Please contact [Sprinto Support](mailto:www.support@sprinto.com) If you have any queries related to the integration or need any assistance.