Set Up for MongoDB authentication

Create a MongoDB record in order to authenticate to a MongoDB database instance running on a Unix host. Unix authentication is required, so you'll also need a Unix record for the host running the database. Make sure the IP addresses you define in your MongoDB records are also defined in Unix records.

MongoDB authentication is supported for vulnerability scans and compliance scans using the Qualys apps VM, PC, and SCA. We strongly recommend you create one or more dedicated user accounts to be used solely by the Qualys Cloud Platform to authenticate to MongoDB instances.

Which technologies are supported?

- MongoDB 3.x, MongoDB 4.x

How do I get started?

- Go to Scans > Authentication.

- Check that you have a Unix record already defined for the host running the database.

- Create a MongoDB record for the same host. Go to New > MongoDB Record.

Tell me about user permissions

Your record settings

You’ll need to tell us the user account to be used for authentication, the database instance to authenticate to, and the port where the database is installed.

The type of authentication method you use depends on your server settings and how you've configured client authentication.

You can use:

- a password (enter it on the Login Credentials tab or get it from a password vault),

- a client certificate (select Private key/certificate based as authentication type on the Login Credentials tab),

- a password AND client certificate (select Basic authentication type and enter the password, then select Private key/certificate based and enter the certificate information).

On the Unix tab, tell us the full path to the MongoDB configuration file on your Unix hosts. The file must be in the same location on all IPs listed in the record. If the file is in a different location for some hosts, you must create additional records for those hosts.
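To work out how many MongoDB records the rule above requires, the following added example (not Qualys code) groups hosts by the configuration file that mongod was started with and flags IPs that have no Unix record yet. The host inventory, the command lines and the list of Unix record IPs are constructed sample data, and the function names are hypothetical.

```python
import shlex
from collections import defaultdict

# Constructed sample data (not from the page): per-host mongod command lines,
# e.g. collected with `ps -eo args`, and the IPs already covered by Unix records.
MONGOD_CMDLINES = {
    "10.0.0.11": "/usr/bin/mongod --config /etc/mongod.conf",
    "10.0.0.12": "/usr/bin/mongod -f /etc/mongod.conf --fork",
    "10.0.0.13": "/opt/mongo/bin/mongod --config=/opt/mongo/etc/mongod.conf",
    "10.0.0.14": "/usr/bin/mongod --dbpath /var/lib/mongo",
}
UNIX_RECORD_IPS = {"10.0.0.11", "10.0.0.12", "10.0.0.14"}


def config_path(cmdline):
    """Return the file given to mongod via --config / -f, or None if absent."""
    args = shlex.split(cmdline)
    for i, arg in enumerate(args):
        if arg.startswith("--config="):
            return arg.split("=", 1)[1]
        if arg in ("--config", "-f") and i + 1 < len(args):
            return args[i + 1]
    return None


def plan_records(cmdlines, unix_ips):
    """Group hosts into one MongoDB record per distinct configuration path."""
    records = defaultdict(list)   # config path -> IPs that can share a record
    no_config = []                # mongod started without a configuration file
    for ip, cmdline in sorted(cmdlines.items()):
        path = config_path(cmdline)
        if path is None:
            no_config.append(ip)
        else:
            records[path].append(ip)
    # Every MongoDB record IP must also be defined in a Unix record.
    missing_unix = sorted(ip for ip in cmdlines if ip not in unix_ips)
    return dict(records), no_config, missing_unix


if __name__ == "__main__":
    records, no_config, missing_unix = plan_records(MONGOD_CMDLINES, UNIX_RECORD_IPS)
    for path, ips in records.items():
        print(f"MongoDB record with config path {path}: {', '.join(ips)}")
    print("No config file on command line (check manually):", no_config)
    print("Missing from Unix records:", missing_unix)
```

Hosts reported as having no configuration file on the command line need a manual check before they are added to any record.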
