Introduction
MongoDB Atlas is the system of record for many teams' production databases, holding configuration, access, and security data that is often relied on as evidence for data protection, access management, and database security controls. Manually pulling this evidence for audits is repetitive and error-prone.
The Complyance MongoDB integration automates this by connecting via a Service Account and continuously collecting evidence such as organization configuration, access settings, and security posture data. Evidence is refreshed automatically before it expires, reducing manual effort and improving audit readiness.
Configuration
Step 1: Create a Service Account
- In MongoDB Atlas, navigate to Identity & Access → Applications
- Click Add New → Service Account
- Fill in the following:
  - Name: Complyance Integration
  - Description: This is the Service Account used by Complyance to generate automatic evidences
  - Client Secret Expiration: 365 days
  - Organization permissions: select based on the integrations and checks you want to enable.
    - Depending on the reports you want to generate, the Complyance team will confirm the permissions you need to ensure least privilege access. See step 4 below.
- Click Create
- Copy the Client ID and Client Secret
Keep these credentials secure. The Client Secret cannot be retrieved again after this step.
Step 2: Locate your Organization ID
- Navigate to Organization Settings
- Copy your Organization ID
Step 3: Share with Complyance
Once you have completed these steps, securely share the following with your Complyance point of contact:
- Client ID
- Client Secret
- Organization ID
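Before handing the three values over, you can confirm that they belong together and that the Service Account authenticates. The script below is an added example, not Complyance or MongoDB code: it requests an OAuth 2.0 token from the Atlas Admin API with the client credentials, then reads the organization back by ID. The function names and the `ATLAS_*` environment variable names are assumptions, and it assumes the Service Account holds an organization role that can read the organization.

```python
import base64, json, os, re, urllib.parse, urllib.request

ATLAS = "https://cloud.mongodb.com"
API_VERSION = "application/vnd.atlas.2023-01-01+json"  # versioned Accept header

def token_request(client_id, client_secret):
    """Build the OAuth 2.0 client-credentials request for a Service Account."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(
        f"{ATLAS}/api/oauth/token", data=body, method="POST",
        headers={"Authorization": f"Basic {basic}", "Accept": "application/json",
                 "Content-Type": "application/x-www-form-urlencoded"})

def org_request(org_id, access_token):
    """Build the read-only 'get one organization' request."""
    # Atlas organization IDs are 24 hex characters; reject anything else so a
    # mis-pasted value never ends up in the URL path.
    if not re.fullmatch(r"[0-9a-f]{24}", org_id):
        raise ValueError("Organization ID must be 24 lowercase hex characters")
    return urllib.request.Request(
        f"{ATLAS}/api/atlas/v2/orgs/{org_id}",
        headers={"Authorization": f"Bearer {access_token}", "Accept": API_VERSION})

def verify(client_id, client_secret, org_id, opener=urllib.request.urlopen):
    """Return (ids_match, org_name); `opener` is injectable for offline tests."""
    with opener(token_request(client_id, client_secret), timeout=10) as resp:
        token = json.load(resp)["access_token"]
    with opener(org_request(org_id, token), timeout=10) as resp:
        org = json.load(resp)
    return org.get("id") == org_id, org.get("name")

if __name__ == "__main__":
    # Assumed variable names; reading from the environment keeps the secret
    # out of command-line arguments and shell history.
    creds = [os.environ.get(k) for k in
             ("ATLAS_CLIENT_ID", "ATLAS_CLIENT_SECRET", "ATLAS_ORG_ID")]
    if not all(creds):
        raise SystemExit("set ATLAS_CLIENT_ID, ATLAS_CLIENT_SECRET, ATLAS_ORG_ID")
    ok, name = verify(*creds)
    print(f"organization {name!r}: {'ID matches' if ok else 'ID MISMATCH'}")
```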
Step 4: Agree which pre-built and custom checks you need
We have pre-built connectors with major providers and the services that sit underneath them. Using these connectors, we offer a number of off-the-shelf checks to continuously monitor compliance, and reports to prove compliance. We also frequently build configured and custom checks tailored to our clients. Please reach out to your implementation lead to connect an additional report or check.