• Security >
• Authentication >
• Authentication Mechanisms

Authentication Mechanisms

MongoDB supports the following authentication mechanisms:

• SCRAM-SHA-1

• MongoDB Challenge and Response (MONGODB-CR)

  Changed in version 3.0: New challenge-response users created in 3.0 will use SCRAM-SHA-1. If using 2.6 user data, MongoDB 3.0 will continue to use MONGODB-CR.

• x.509 Certificate Authentication.

In addition, MongoDB Enterprise also provides supports for additional mechanisms. See Enterprise Authentication Mechanisms for additional mechanisms available in MongoDB Enterprise.

Default Authentication Mechanism

Changed in version 3.0.

MongoDB uses the SCRAM-SHA-1 as the default challenge and response authentication mechanism. Previous versions used MONGODB-CR as the default.

Specify Authentication Mechanism

To specify the authentication mechanism to use, set the authenticationMechanisms parameter for mongod and mongos.

Clients specify the authentication mechanism in the db.auth() method. For the mongo shell and the MongoDB tools, you can also specify the authentication mechanism from the command line.

• SCRAM-SHA-1
• MONGODB-CR
• x.509
  • Use x.509 Certificates to Authenticate Clients

←   Add Users SCRAM-SHA-1  →

© MongoDB, Inc 2008-present. MongoDB, Mongo, and the leaf logo are registered trademarks of MongoDB, Inc.