How to Enable Authentication in MongoDB: Step-by-Step Guide
To enable authentication in MongoDB, first create an admin user with proper roles, then start the MongoDB server with the
--auth option or set security.authorization to enabled in the configuration file. This makes MongoDB require users to authenticate before accessing the database.Syntax
Enabling authentication in MongoDB involves two main steps:
- Create an admin user with the
userAdminAnyDatabaserole. - Start MongoDB with authentication enabled by using the
--authflag or settingsecurity.authorization: enabledin the config file.
This setup ensures MongoDB requires valid credentials for database access.
bash
mongod --auth --port 27017 --dbpath /data/db
# Or in the config file (mongod.conf):
security:
authorization: enabledExample
This example shows how to create an admin user and enable authentication:
bash
# Start MongoDB without auth to create admin user mongod --port 27017 --dbpath /data/db # Connect to Mongo shell mongo --port 27017 # Create admin user use admin db.createUser({ user: "admin", pwd: "password123", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] }) # Stop MongoDB and restart with auth enabled mongod --auth --port 27017 --dbpath /data/db # Connect with authentication mongo --port 27017 -u admin -p password123 --authenticationDatabase admin
Output
Successfully added user: { "user" : "admin", "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
MongoDB server started with authentication enabled
MongoDB shell connected with authentication
Common Pitfalls
Common mistakes when enabling authentication include:
- Not creating an admin user before enabling
--auth, which locks you out. - Forgetting to restart MongoDB after changing the config to enable authentication.
- Using incorrect roles or missing the
userAdminAnyDatabaserole for the admin user. - Trying to connect without specifying the authentication database.
Always create users first, then enable authentication.
bash
## Wrong way: Enabling auth before creating user mongod --auth --port 27017 --dbpath /data/db # No users exist, so you cannot log in ## Right way: # 1. Start without auth mongod --port 27017 --dbpath /data/db # 2. Create admin user # 3. Restart with auth mongod --auth --port 27017 --dbpath /data/db
Quick Reference
| Step | Command or Setting | Description |
|---|---|---|
| Create admin user | db.createUser({user: "admin", pwd: "password", roles: [{role: "userAdminAnyDatabase", db: "admin"}]}) | Creates admin user with user management rights |
| Enable auth (command line) | mongod --auth --port 27017 --dbpath /data/db | Starts MongoDB requiring authentication |
| Enable auth (config file) | security: authorization: enabled | Sets authentication in mongod.conf |
| Connect with auth | mongo -u admin -p password --authenticationDatabase admin | Connects to MongoDB with credentials |
Key Takeaways
Always create an admin user before enabling authentication to avoid lockout.
Enable authentication by starting mongod with --auth or setting security.authorization to enabled.
Use the admin database for user creation and authentication.
Restart MongoDB after changing authentication settings.
Specify the authentication database when connecting with credentials.