Is MONGO_OIDC available on Azure CosmosDB for MongoDB RU version

Question

Is MONGO_OIDC available on Azure CosmosDB for MongoDB RU version

Monica Suh 40

Hello!

My team is using Azure Cosmos DB for MongoDB RU and we want to connect from our apps to our database using Microsoft Entra ID (i.e. via OIDC using a ManagedIdentityCredential). We came across an article (here) that describes how to use the MongoClient and the MONGO_OIDC authentication mechanism to authenticate to our database.

The issue is that this article seems to be specifically for CosmosDB for MongoDB vCore and I cannot find any documentation stating whether this would apply to CosmosDB MongoDB RU as well. I was assuming that Mongo driver compatibility would be the same between RU and vCore, but am now unsure because all the documentation on using MONGO_OIDC seems to be very vCore specific (i.e. the how-to > security section of MongoDB RU only contains articles about how to authenticate using key-based auth). So I was wondering

Is the MONGO_OIDC authentication mechanism compatible with CosmosDB MongoDB RU as well? Can you point me in the direction of any official documentation outlining this?
If not, are there any plans to make it compatible with MongoDB RU as well? What would be the timeline on that?

Thank you!

Mahesh Kurva 9,725 Reputation points Microsoft External Staff Moderator

2025-10-30T12:03:25.4133333+00:00

Hi Bohdan Martyniuk,

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Bohdan Martyniuk 20 Reputation points

2025-10-30T13:05:43.26+00:00

Thank you for getting back to me. It seems that there isn't an easy solution available.
The best long-term approach would be to proceed with migrating RU to vCore, unless Microsoft adds AD authentication to RU-based databases.
Mahesh Kurva 9,725 Reputation points Microsoft External Staff Moderator

2025-10-30T13:18:05.0133333+00:00

Hi Bohdan Martyniuk,

Thanks for getting back to me.

You're right, currently, Azure AD authentication isn't supported for RU-based Cosmos DB accounts. Migrating to the vCore model is the best long-term option if AD integration is important for your setup.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Answer accepted by question author

0 additional answers

Your answer

Mahesh Kurva 9,725 Reputation points Microsoft External Staff Moderator

2025-10-30T12:03:25.4133333+00:00

Hi Bohdan Martyniuk,

We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Bohdan Martyniuk 20 Reputation points

2025-10-30T13:05:43.26+00:00

Thank you for getting back to me. It seems that there isn't an easy solution available.
The best long-term approach would be to proceed with migrating RU to vCore, unless Microsoft adds AD authentication to RU-based databases.
Mahesh Kurva 9,725 Reputation points Microsoft External Staff Moderator

2025-10-30T13:18:05.0133333+00:00

Hi Bohdan Martyniuk,

Thanks for getting back to me.

You're right, currently, Azure AD authentication isn't supported for RU-based Cosmos DB accounts. Migrating to the vCore model is the best long-term option if AD integration is important for your setup.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Answer 1

Hi Bohdan Martyniuk,

Thank you for sharing your implementation details. I wanted to clarify the current state of authentication for Azure Cosmos DB for MongoDB (RU‑based) accounts:

1.Officially Supported Authentication

For RU‑based MongoDB API accounts, the officially supported authentication method is key‑based(using the account key). Microsoft does not currently support MONGO_OIDC or Azure AD/Managed Identity authentication for RU‑based accounts.

2.About the PLAIN Mechanism You Tried

The authMechanism: 'PLAIN' approach with an Azure AD token may appear to work because the token is being treated as a password by the database. However, this is not officially supported by Microsoft, and it may not provide the same guarantees as key-based authentication. Future updates could break this behavior.

3.Recommended Approach

To ensure stability, compliance, and supportability, we recommend switching to key‑based authentication for your RU‑mode MongoDB accounts.

4.Future Support for Managed Identity / OIDC

As of now, there is no publicly available roadmap or timeline indicating that RU-based accounts will support Managed Identity / OIDC authentication.

For more information, please refer the documents:

https://free.blessedness.top/en-us/azure/cosmos-db/mongodb/vcore/entra-authentication

https://free.blessedness.top/en-us/azure/cosmos-db/mongodb/connect-account

Hope this helps. Do let us know if you any further queries.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Answer 2

Amira Bedhiafi 39,566 Volunteer Moderator

Hello Monica !

Thank you for posting on Microsoft Learn Q&A.

MONGO_OIDC is supported for Azure Cosmos DB for MongoDB vCore, not for the RU-based MongoDB API.

What’s supported today ?

vCore: has first-party Entra ID integration over OIDC, which is exactly what the MONGO_OIDC mechanism in the MongoDB drivers uses and works with managed identities/service principals.
RU (MongoDB API): direct Entra/OIDC auth isn’t supported and connections use key-based credentials.

Docs you can point to :

https://free.blessedness.top/en-us/azure/cosmos-db/mongodb/vcore/entra-authentication

https://free.blessedness.top/en-us/answers/questions/5510005/how-to-connect-to-cosmos-db-for-mongo-using-manage

Bohdan Martyniuk 20 Reputation points

2025-10-28T06:50:08.4566667+00:00
Thanks for explaining. I work with Monica on the same team and I've a few things to clarify.

I successfully used the following code snippet with Cosmos DB MongoDB API:

const credential = new ManagedIdentityCredential({ clientId }); const tokenResponse = await credential.getToken(scope); const client = new MongoClient(`mongodb://${hostname}`, { authMechanism: 'PLAIN', authSource: '$external', auth: { username: user, password: tokenResponse.token, }, mongodbLogComponentSeverities: { default: 'debug', command: 'off', }, mongodbLogPath: 'stderr', ...args, }); await client.connect();

This doesn't appear to be key-based authentication since:

We're using authMechanism: 'PLAIN'

We're passing an Azure AD token as the password

No primary/secondary keys are being used in the connection string

Could you clarify:

Is the 'PLAIN' auth mechanism a supported/valid approach for Cosmos DB MongoDB API?

If OIDC isn't supported, why does token-based auth work with 'PLAIN' mechanism?

Should we modify our implementation to use key-based auth instead?

Looking forward to your guidance on this.This doesn't appear to be key-based authentication since:

We're using authMechanism: 'PLAIN'

We're passing an Azure AD token as the password

No primary/secondary keys are being used in the connection string

Could you clarify:

Is the 'PLAIN' auth mechanism a supported/valid approach for Cosmos DB MongoDB API?

If OIDC isn't supported, why does token-based auth work with 'PLAIN' mechanism?

Should we modify our implementation to use key-based auth instead?

Looking forward to your guidance on this.
Thank you.

Share via

Is MONGO_OIDC available on Azure CosmosDB for MongoDB RU version

0 additional answers

Your answer