Navigation
This version of the documentation is archived and no longer supported. To learn how to upgrade your version of MongoDB Ops Manager, refer to the upgrade documentation.
You were redirected from a different version of the documentation. Click here to go back.

Manage Users

On this page

You can manage the users that have access to your On-Prem MongoDB Management Service groups, create and manage groups, and assign roles to users to provide controlled access to the MMS application.

There is no planned upgrade path from existing MMS user authentication to using LDAP. You will need to recreate users, groups, and roles manually with your LDAP service, as described in the Configure Users and Groups with LDAP for On-Prem MongoDB Management Service document.

Add Users

1

Click the Users tab.

2

Click the Add/Invite User button.

3

Enter the new user’s email address and select their role.

Click the appropriate checkboxes to assign roles.

For more information on roles, see User Roles. When you have entered all information, click Add/Invite.

4

If prompted, enter the two-factor verification code.

There might be a delay of a few seconds before you receive the prompt. MMS will prompt you for a two-factor verification code if you have not verified recently.

5

Send the invitation.

Click the Send Email Invitation button.

Note

With MongoDB Management Service On Prem, user accounts and groups are independent from JIRA. This is in contrast to the MongoDB Management Service, which shares account and group information with the MongoDB JIRA instance.

Users can create accounts using the account registration page of your MMS installation.

See User Roles for details about roles and privileges, as well as adding users and assigning roles with LDAP integration.

View Requests

To view requests, click the Users tab and then select the Requests page. The Requests page lists pending requests to join your group. Users can request access when they create their MMS account, as on the registration page.

View Invitations

To view invitations, click the Users tab and then select the Invitations page. The Invitations page lists pending invitations to your group. When you invite a user, MMS then sends an email to the prospective new user and lists the invitation until the user accepts.

View Users

To view users, click the Users tab and then select the Users page. The Users page lists users who have access to your MMS group, their roles, their time zones, and other information.

Remove Users

1

Click the Users tab and then select the Users page.

2

Remove the user.

Locate the user and click the garbage can on the user’s line.

Working with Multiple Environments

Groups

If you have multiple MongoDB systems in distinct environments and cannot monitor all systems with a single agent, you will need to add a new group. Having a second group makes it possible to run two agents.

You may also use a second group and agent to monitor a different set of MongoDB instances in the same environment if you want to segregate the hosts within the MMS console. A user can only view data from the hosts monitored in a single group at once.

After adding a second group, the MMS interface will have a drop down list that will allow you to change groups. Selecting a new group will refresh the current page with the data available from the servers in this group.

Create Group

Create a group to monitor additional segregated systems or environments for servers, agents, users, and other resources. For example, your deployment might have two or more environments separated by firewalls. In this case, you would need two or more separate MMS groups.

API and shared secret keys are unique to each group. Each group requires its own agent with the appropriate API and shared secret keys. Within each group, the agent needs to be able to connect to all hosts it monitors in the group.

1

In MMS, select the Users tab.

2

Click the Add New Group button.

3

Add the group.

In the Group Name box, type a name for the new group and then click Add New Group. For security and auditing reasons, you cannot use a name used earlier. Once you name a group, the group’s name cannot be changed.

4

Open the group.

To access the new group, select the Group box at the top of the MMS interface, type the group’s name, and select the group. You are the first user added to the new group.

5

Assign hosts.

In the Deployment section, click Get Started. Follow the prompts to download the agent, if you have not already, and to assign hosts to the group.

Assigning Roles to Users

MMS or an LDAP server can assign roles to individual users to limit actions users can perform, as well as data users see in the application. With LDAP integration, follow the steps to setup Configure Users and Groups with LDAP for On-Prem MongoDB Management Service then create LDAP groups for each available MMS role.

Users must have User Admin or Global User Admin roles assigned to them to assign roles to users. A person with the User Admin role can assign roles to users in their group. A person with the Global User Admin role can assign roles to any user in any group. You cannot assign roles for yourself.

MMS User Roles

MMS or an LDAP server can assign roles to individual users to limit actions users can perform, as well as data users see in the application. With LDAP integration, follow the steps to setup Configure Users and Groups with LDAP for On-Prem MongoDB Management Service then create LDAP groups for each available MMS role.

Users must have User Admin or Global User Admin roles assigned to them to assign roles to users. A person with the User Admin role can assign roles to users in their group. A person with the Global User Admin role can assign roles to any user in any group. You cannot assign roles for yourself.

Initial Creation

Upon successful login, the first user completes a welcome form to create the initial MMS group. This form includes assigning roles. For LDAP authentication, the welcome form includes the ability to assign LDAP groups to the MMS group-level and global roles.

See User Roles for roles available for a group.

Assign an MMS Role

To assign roles inside of On-Prem MongoDB Management Service, go to the Users tab, then click the Users page, and then click the pencil icon to the right of the user. Click the appropriate checkboxes to assign roles.

Assign Roles with LDAP

First, create groups on your LDAP server for each of the available MMS group-level and global roles.

To assign LDAP groups to MMS roles, click the Admin link at the top right of any MMS page, then click Monitoring, which displays the Groups page. Click the pencil icon at the far right of a group name. Edit the Roles interface by adding the appropriate LDAP group name to its corresponding MMS group name.

Because MMS does not update role assignments stored in your LDAP server, assign roles by assigning users to groups in your LDAP server.

Configure global roles in conf-mms.properties file.

See Configure Users and Groups with LDAP for On-Prem MongoDB Management Service for more details about LDAP integration with MMS.

←   Create Group Hosts  →

© MongoDB, Inc 2008-present. MongoDB, Mongo, and the leaf logo are registered trademarks of MongoDB, Inc.