{"id":10144,"date":"2025-05-22T07:00:04","date_gmt":"2025-05-22T14:00:04","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/cosmosdb\/?p=10144"},"modified":"2025-05-14T08:26:36","modified_gmt":"2025-05-14T15:26:36","slug":"microsoft-entra-id-integration-with-azure-cosmos-db-for-mongodb-vcore","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/cosmosdb\/microsoft-entra-id-integration-with-azure-cosmos-db-for-mongodb-vcore\/","title":{"rendered":"Microsoft Entra ID integration with Azure Cosmos DB for MongoDB (vCore)"},"content":{"rendered":"<p><span style=\"font-family: georgia, palatino, serif; font-size: 16px;\">Security is no longer a nice-to-have\u2014it\u2019s a foundational requirement for any cloud-native architecture. As organizations adopt managed database services to support mission-critical applications, they must prioritize robust, scalable, and centralized security. Azure Cosmos DB for MongoDB (vCore) delivers high performance and flexibility, but it provides the most value when paired with well-implemented security practices.<\/span><\/p>\n<p><span style=\"font-family: georgia, palatino, serif;\">Authentication anchors any effective security strategy. It verifies that only authorized users and applications can access your data and serves as the first line of defense against unauthorized access. For managed database services, teams must ensure authentication is both secure and simple to manage across environments, teams, and workloads.<\/span><\/p>\n<p><span style=\"font-family: georgia, palatino, serif;\">Now generally available, Microsoft Entra ID integration brings enterprise-grade identity and access management to Azure Cosmos DB for MongoDB (vCore). 
This feature lets you integrate your MongoDB workloads seamlessly into your existing Entra ID ecosystem.<\/span><\/p>\n<h1><span style=\"font-family: georgia, palatino, serif;\">Authentication management in database services<\/span><\/h1>\n<p><span style=\"font-family: georgia, palatino, serif;\">Azure Cosmos DB for MongoDB (vCore) has supported <a href=\"https:\/\/learn.microsoft.com\/azure\/cosmos-db\/mongodb\/vcore\/oss\">native DocumentDB authentication<\/a> from the start. This built-in mechanism allows users to get started quickly with secure access to their clusters. During cluster provisioning, a default administrative user is created automatically. This built-in user has full privileges and can create <a href=\"https:\/\/learn.microsoft.com\/azure\/cosmos-db\/mongodb\/vcore\/secondary-users#add-secondary-users\">additional native users<\/a> with read-write and read-only permissions on the whole cluster.<\/span><\/p>\n<p><span style=\"font-family: georgia, palatino, serif;\">While native authentication is convenient for initial setup and lightweight use cases, it comes with limitations:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: georgia, palatino, serif;\">User and credential management must be done separately for each cluster.<\/span><\/li>\n<li><span style=\"font-family: georgia, palatino, serif;\">There\u2019s no centralized control or visibility across environments.<\/span><\/li>\n<li><span style=\"font-family: georgia, palatino, serif;\">Enforcing enterprise-wide policies like password expiration, multi-factor authentication, or conditional access is not possible with native authentication alone.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: georgia, palatino, serif;\">To address these challenges, Azure Cosmos DB for MongoDB (vCore) now supports integration with Microsoft Entra ID (formerly Azure Active Directory). 
This integration enables you to:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: georgia, palatino, serif;\">Manage a single set of security principals\u2014users and managed identities\u2014centrally in Microsoft Entra ID.<\/span><\/li>\n<li><span style=\"font-family: georgia, palatino, serif;\">Assign those principals to one or more Azure Cosmos DB for MongoDB (vCore) clusters.<\/span><\/li>\n<li><span style=\"font-family: georgia, palatino, serif;\">Leverage familiar identity governance tools and policies, such as role-based access control (RBAC), conditional access, and audit logging.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: georgia, palatino, serif;\">When organizations move authentication and policy management into the Entra ID ecosystem, they streamline access control, improve compliance, and reduce operational overhead\u2014especially across multiple clusters or large teams.<\/span><\/p>\n<h1><span style=\"font-family: georgia, palatino, serif;\">How to use Microsoft Entra ID with Azure Cosmos DB for MongoDB (vCore)<\/span><\/h1>\n<p><span style=\"font-family: georgia, palatino, serif;\"><img decoding=\"async\" class=\"alignright\" src=\"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-content\/uploads\/sites\/52\/2025\/05\/entra-id-cluster-configuration.png\" alt=\"Azure Cosmos DB for MongoDB vCore cluster properties for authentication methods.\" width=\"350\" height=\"119\" \/>\nGetting started with Entra ID integration in Azure Cosmos DB for MongoDB (vCore) is straightforward and designed to align with your existing identity and access management practices.<\/span><\/p>\n<ul>\n<li><span style=\"font-family: georgia, palatino, serif;\"><strong>Start with a cluster<\/strong><\/span>\n<span style=\"font-family: georgia, palatino, serif;\">To begin, you\u2019ll need an Azure Cosmos DB for MongoDB (vCore) cluster. 
If you don\u2019t have one yet, follow the steps <a href=\"https:\/\/learn.microsoft.com\/azure\/cosmos-db\/mongodb\/vcore\/quickstart-portal\">in this article<\/a> to create and configure your first cluster.<\/span><\/li>\n<li><span style=\"font-family: georgia, palatino, serif;\"><strong>Enable Entra ID authentication<\/strong><\/span>\n<span style=\"font-family: georgia, palatino, serif;\">Once your cluster is up and running, you can enable Entra ID authentication and assign Entra ID users or managed identities to it. This can be done in Azure Cloud Shell, with a local Azure CLI, or by making direct REST API calls. You can find step-by-step guidance <a href=\"https:\/\/learn.microsoft.com\/azure\/cosmos-db\/mongodb\/vcore\/how-to-configure-entra-authentication#configure-existing-cluster-for-authentication\">here<\/a>.<\/span><\/li>\n<li><span style=\"font-family: georgia, palatino, serif;\"><strong>Connect using an Entra ID account via OpenID Connect (OIDC)<\/strong><\/span>\n<span style=\"font-family: georgia, palatino, serif;\">After enabling Entra ID, you can connect to your cluster using OIDC-based authentication. 
You can find sample console applications in multiple languages to help you get started:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: georgia, palatino, serif;\"><a href=\"https:\/\/learn.microsoft.com\/azure\/cosmos-db\/mongodb\/vcore\/how-to-build-python-console-app\">Python<\/a><\/span><\/li>\n<li><span style=\"font-family: georgia, palatino, serif;\"><a href=\"https:\/\/learn.microsoft.com\/azure\/cosmos-db\/mongodb\/vcore\/how-to-build-nodejs-console-app?pivots=programming-language-ts\">Node.js<\/a><\/span><\/li>\n<li><span style=\"font-family: georgia, palatino, serif;\"><a href=\"https:\/\/learn.microsoft.com\/azure\/cosmos-db\/mongodb\/vcore\/how-to-build-dotnet-console-app\">.NET \/ C#<\/a><\/span><\/li>\n<li><span style=\"font-family: georgia, palatino, serif;\"><a href=\"https:\/\/learn.microsoft.com\/azure\/cosmos-db\/mongodb\/vcore\/how-to-build-go-console-app\">Go<\/a><\/span><\/li>\n<li><span style=\"font-family: georgia, palatino, serif;\"><a href=\"https:\/\/learn.microsoft.com\/azure\/cosmos-db\/mongodb\/vcore\/how-to-build-java-console-app\">Java<\/a><\/span><\/li>\n<li><span style=\"font-family: georgia, palatino, serif;\"><a href=\"https:\/\/learn.microsoft.com\/azure\/cosmos-db\/mongodb\/vcore\/how-to-build-rust-console-app\">Rust<\/a><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"font-family: georgia, palatino, serif;\">These examples demonstrate how to create a sample MongoDB client and retrieve an OIDC token to authenticate using Entra ID and securely connect to your MongoDB (vCore) cluster using industry-standard protocols.<\/span><\/p>\n<h1><span style=\"font-family: georgia, palatino, serif;\">Next steps<\/span><\/h1>\n<p><span style=\"font-family: georgia, palatino, serif;\">Microsoft Entra ID integration with Azure Cosmos DB for MongoDB (vCore) opens the door to enterprise-grade identity and access management for your cloud-native database workloads. 
Whether you&#8217;re just getting started or looking to deepen your understanding, the following resources will help you explore the full capabilities of this integration:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: georgia, palatino, serif;\"><a href=\"https:\/\/learn.microsoft.com\/azure\/cosmos-db\/mongodb\/vcore\/entra-authentication\"><strong>Microsoft Entra ID fundamentals for MongoDB vCore<\/strong><\/a><\/span>\n<span style=\"font-family: georgia, palatino, serif;\">This article explains how Entra ID integrates with Azure Cosmos DB for MongoDB vCore. It walks through key concepts such as authentication flows and the supported identity types, including users and managed identities.<\/span><\/li>\n<li><span style=\"font-family: georgia, palatino, serif;\"><a href=\"https:\/\/learn.microsoft.com\/azure\/cosmos-db\/mongodb\/vcore\/how-to-configure-entra-authentication\"><strong>Step-by-step configuration guide<\/strong>\n<\/a>You\u2019ll learn how to enable Entra ID authentication on an existing cluster, assign Entra ID users, and manage their access. 
This guide provides detailed instructions, screenshots, and best practices to help you configure your environment effectively.<\/span><\/li>\n<li><span style=\"font-family: georgia, palatino, serif;\"><strong>Quick start guides<\/strong><\/span>\n<span style=\"font-family: georgia, palatino, serif;\">The Azure Cosmos DB for MongoDB (vCore) quick start guides help you deploy a sample end-to-end application using Entra ID or OIDC authentication with various MongoDB drivers in an Azure Developer CLI environment.<\/span><\/p>\n<ul>\n<li><span style=\"font-family: georgia, palatino, serif;\"><a href=\"https:\/\/learn.microsoft.com\/azure\/cosmos-db\/mongodb\/vcore\/quickstart-python\">Python<\/a><\/span><\/li>\n<li><span style=\"font-family: georgia, palatino, serif;\"><a href=\"https:\/\/learn.microsoft.com\/azure\/cosmos-db\/mongodb\/vcore\/quickstart-nodejs?pivots=programming-language-ts\">Node.js<\/a><\/span><\/li>\n<li><span style=\"font-family: georgia, palatino, serif;\"><a href=\"https:\/\/learn.microsoft.com\/azure\/cosmos-db\/mongodb\/vcore\/quickstart-nodejs?pivots=programming-language-ts\">.NET \/ C#<\/a><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"font-family: georgia, palatino, serif;\">These resources are ideal for developers, DBAs, and security professionals who want to integrate identity management into their MongoDB (vCore) deployments using familiar tools and policies from the Microsoft Entra ID ecosystem.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security is no longer a nice-to-have\u2014it\u2019s a foundational requirement for any cloud-native architecture. 
As organizations adopt managed database services to support mission-critical applications, they must prioritize robust, scalable, and centralized security. Azure Cosmos DB for MongoDB (vCore) delivers high performance and flexibility, but it provides the most value when paired with well-implemented security practices. Authentication [&hellip;]<\/p>\n","protected":false},"author":103349,"featured_media":10214,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[12,15,1918,667],"tags":[],"class_list":["post-10144","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-announcements","category-mongodb-api","category-rbac","category-security"],"acf":[],"blog_post_summary":"<p>Security is no longer a nice-to-have\u2014it\u2019s a foundational requirement for any cloud-native architecture. As organizations adopt managed database services to support mission-critical applications, they must prioritize robust, scalable, and centralized security. Azure Cosmos DB for MongoDB (vCore) delivers high performance and flexibility, but it provides the most value when paired with well-implemented security practices. 
Authentication [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-json\/wp\/v2\/posts\/10144","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-json\/wp\/v2\/users\/103349"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-json\/wp\/v2\/comments?post=10144"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-json\/wp\/v2\/posts\/10144\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-json\/wp\/v2\/media\/10214"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-json\/wp\/v2\/media?parent=10144"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-json\/wp\/v2\/categories?post=10144"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cosmosdb\/wp-json\/wp\/v2\/tags?post=10144"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}