diff --git a/source/core/authentication.txt b/source/core/authentication.txt index e5c53de6428..ce36e9da38c 100644 --- a/source/core/authentication.txt +++ b/source/core/authentication.txt @@ -12,46 +12,50 @@ Authentication :depth: 1 :class: singlecol -Authentication is the process of verifying the identity of a client. When -access control, i.e. :doc:`authorization `, is enabled, -MongoDB requires all clients to authenticate themselves in order to determine -their access. +Authentication is the process of verifying the identity of a client. +When access control (:doc:`authorization `) is +enabled, MongoDB requires all clients to authenticate themselves in +order to determine their access. -Although authentication and :doc:`authorization ` are -closely connected, authentication is distinct from authorization. -Authentication verifies the identity of a user; authorization determines the -verified user's access to resources and operations. +Although authentication and :doc:`authorization ` +are closely connected, authentication is distinct from authorization: -Authentication Methods ----------------------- +- **Authentication** verifies the identity of a :ref:`user `. +- **Authorization** determines the verified user's access to resources + and operations. -.. include:: /includes/fact-authenticate.rst +Getting Started +--------------- + +To get started using access control, follow these tutorials: + +- :ref:`enable-access-control` +- :ref:`add-new-user` .. _available-authentication-mechanisms: Authentication Mechanisms ------------------------- -MongoDB supports a number of :ref:`authentication mechanisms +MongoDB Community supports a number of :ref:`authentication mechanisms ` that clients can use to verify -their identity. These mechanisms allow MongoDB to integrate into your -existing authentication system. - -MongoDB supports multiple authentication mechanisms: +their identity: - :ref:`authentication-scram` (*Default*) - - :ref:`x.509 Certificate Authentication `. -In addition to supporting the aforementioned mechanisms, MongoDB Enterprise -also supports the following mechanisms: +In addition to the preceding mechanisms, MongoDB Atlas and MongoDB +Enterprise support the following mechanisms: - :ref:`LDAP proxy authentication `, and - - :ref:`Kerberos authentication `. -Internal Authentication ------------------------ +These mechanisms allow MongoDB to integrate into your +existing authentication system. + + +Internal / Membership Authentication +------------------------------------ In addition to verifying the identity of a client, MongoDB can require members of replica sets and sharded clusters to :ref:`authenticate @@ -59,14 +63,6 @@ their membership ` to their respective replica set or sharded cluster. See :ref:`inter-process-auth` for more information. -Authentication on Sharded Clusters ----------------------------------- - -In sharded clusters, clients generally authenticate directly to the -:binary:`~bin.mongos` instances. However, some maintenance operations may require -authenticating directly to a specific shard. For more information on -authentication and sharded clusters, see :ref:`sharding-security`. - .. toctree:: :titlesonly: :hidden: