Enabling Authentication in MongoDB

Last Updated : 20 Apr, 2026

Access control and authentication in MongoDB secure the database by verifying user identities and enforcing role-based permissions to prevent unauthorized access and protect data integrity.

Configuring MongoDB Access Control and User Authentication

To secure your MongoDB instance, follow these steps in the specified order to successfully enable authentication and access control.

Step 1: Start the MongoDB Server

Start the MongoDB server by opening the command prompt and running the following command.

mongod

The server has started, and we can now connect to it with mongosh.

Step 2: Create a Database and Add Documents

Create a database from the command prompt, or use MongoDB Compass if you prefer a GUI. MongoDB creates the database automatically when you create its first collection.

// Switch to mydb; the database is created on the first write
use mydb

db.createCollection("myCollection")

Once the database has been created, insert a few documents into it.

db.myCollection.insertOne({ name: "Philips", age: 21})

Using the same format, you can create further databases and collections and insert additional data as needed.

Step 3: Create a Database User with Proper Roles

To enable authentication, create users and assign them appropriate roles based on responsibilities. Avoid giving unnecessary privileges to application users.

use admin

db.createUser({
  user: "Geek",
  pwd: "abc123",
  roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
})

Create an Application User (for data access)

use mydb

db.createUser({
  user: "appUser",
  pwd: "StrongApp@123",
  roles: [ { role: "readWrite", db: "mydb" } ]
})

Step 4: Change MongoDB Configuration to Enable Authentication

By default, MongoDB authentication is disabled, so you must edit mongod.conf to enable access control.

C:\Program Files\MongoDB\Server\8.2\bin

Open the mongod.conf file in any editor and add the following under security. The file is YAML, so authorization must be indented beneath security:

security:
  authorization: enabled

Save the changes and close the file. Then open Services in Windows, find MongoDB, and restart it.

Step 5: Authenticate with the Created User

After restarting MongoDB, try accessing the data without authenticating. For example, attempt to fetch documents from the myCollection collection:

db.myCollection.find()

The query fails with an authorization error, which confirms that authentication and access control are enabled.

Now, to see the data, first provide the username and password.

db.auth("appUser","StrongApp@123")

Check for the available documents in the database.

db.myCollection.find()

As we can see, after successful authentication we can access the documents in the MongoDB database.

Step 6: Set the MongoDB URL in the Repository Configuration

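Set the MongoDB URI in your application's configuration file to include the database credentials. Reserved characters in the username or password must be percent-encoded, so the @ in this password is written as %40:

mongodb://appUser:StrongApp%40123@hostname:27017/mydb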

This allows the application to authenticate with MongoDB after access control is enabled.
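Step 6 places a password containing @ inside a connection URI, where reserved characters in credentials have to be percent-encoded. The JavaScript below is an added example, not code from the original article: it builds the URI with encoded credentials, flags unencoded reserved characters in an existing URI, and masks the password for logging. The function names, the host "hostname" and the MONGO_APP_PASSWORD environment variable are assumptions made for illustration.

```javascript
// Added example: build, check and redact the Step 6 connection string.
// "hostname" and the MONGO_APP_PASSWORD variable name are assumptions.

// Percent-encode the credentials so @ : / ? # [ ] $ cannot break URI parsing.
function buildMongoUri({ user, password, host, port = 27017, db }) {
  const enc = encodeURIComponent;
  return `mongodb://${enc(user)}:${enc(password)}@${host}:${port}/${enc(db)}`;
}

// List reserved characters left unencoded in the credentials of a raw URI.
// Assumes the last "@" in the string separates credentials from the host list.
function findCredentialProblems(uri) {
  const m = /^mongodb(?:\+srv)?:\/\/(.*)$/.exec(uri);
  if (!m) return ["not a mongodb:// or mongodb+srv:// URI"];
  const at = m[1].lastIndexOf("@");
  if (at === -1) return []; // no credentials present
  const userinfo = m[1].slice(0, at);
  const sep = userinfo.indexOf(":");
  const fields = sep === -1
    ? { username: userinfo }
    : { username: userinfo.slice(0, sep), password: userinfo.slice(sep + 1) };
  const problems = [];
  for (const [name, value] of Object.entries(fields)) {
    const bad = [...new Set(value.match(/[:\/?#\[\]@$]/g) || [])];
    if (bad.length) problems.push(`${name} contains unencoded ${bad.join(" ")}`);
  }
  return problems;
}

// Mask the password before a URI is written to logs or error messages.
function redactMongoUri(uri) {
  return uri.replace(/^(mongodb(?:\+srv)?:\/\/[^:\/@]*:).*@/, "$1***@");
}

// The article's sample values; in a real deployment the password comes from
// the environment or a secret store, not from source code.
const uri = buildMongoUri({
  user: "appUser",
  password: process.env.MONGO_APP_PASSWORD || "StrongApp@123",
  host: "hostname",
  db: "mydb",
});
console.log(redactMongoUri(uri)); // log only the redacted form
console.log(findCredentialProblems("mongodb://appUser:StrongApp@123@hostname:27017/mydb"));
```

Run it with Node.js; the second line of output reports the unencoded @ in the password of the raw URI.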

Step 7: Restart the Repository

Restart the application to reload the updated configuration and apply the new MongoDB connection settings.

Exception for localhost

MongoDB provides a localhost exception that temporarily allows user creation without authentication when access control is enabled and no users exist.