Viewing docs for MongoDB Atlas v4.5.0
published on Thursday, Mar 12, 2026 by Pulumi

    mongodbatlas.Organization provides programmatic management (including creation) of a MongoDB Atlas Organization resource.

    IMPORTANT NOTE: When you create an Atlas organization using this resource, it automatically generates a set of initial credentials. Defining description and role_names creates a Programmatic API Key (public and private key); in this case, role_names must include the ORG_OWNER role. Defining a service_account block creates a Service Account (client ID and client secret) instead. The API does not allow creating both in the same request. These credential values are stored in the Terraform state and used by the resource for subsequent operations on the organization. The wording on this page refers to Terraform; in a Pulumi program the corresponding place is the stack's state, so access to that state should be restricted as for any organization-owner credential.

    IMPORTANT NOTE: To use this resource, the requesting API Key must have the Organization Owner role. The requesting API Key’s organization must be a paying organization. To learn more, see Configure a Paying Organization in the MongoDB Atlas documentation.

    Example Usage

    With Programmatic API Key

    import * as pulumi from "@pulumi/pulumi";
    import * as mongodbatlas from "@pulumi/mongodbatlas";
    
    // Creates the organization together with a Programmatic API Key: setting
    // `description` and `roleNames` selects the API-key path, and this page
    // requires ORG_OWNER among the roles in that case.
    // The generated public/private key pair is kept in state and reused by the
    // resource for later read/update/delete calls, so restrict access to state.
    const _this = new mongodbatlas.Organization("this", {
        orgOwnerId: "<ORG_OWNER_ID>", // Atlas user who is assigned the Organization Owner role
        name: "testCreateORG",
        description: "test API key from Org Creation", // API key description; can't be updated later
        roleNames: ["ORG_OWNER"],
    });
    
    import pulumi
    import pulumi_mongodbatlas as mongodbatlas
    
    # Creates the organization together with a Programmatic API Key: setting
    # `description` and `role_names` selects the API-key path, and this page
    # requires ORG_OWNER among the roles in that case.
    # The generated public/private key pair is kept in state and reused by the
    # resource for later read/update/delete calls, so restrict access to state.
    this = mongodbatlas.Organization("this",
        org_owner_id="<ORG_OWNER_ID>",  # Atlas user who is assigned the Organization Owner role
        name="testCreateORG",
        description="test API key from Org Creation",  # API key description; can't be updated later
        role_names=["ORG_OWNER"])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-mongodbatlas/sdk/v4/go/mongodbatlas"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main registers a single Organization resource. Setting Description and
    // RoleNames makes Atlas create a Programmatic API Key with the organization;
    // this page requires ORG_OWNER among the roles in that case. The resulting
    // public/private key pair is kept in state and reused by the resource for
    // later operations, so access to state should be restricted accordingly.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// The resource handle is discarded; only the registration error is checked.
    		_, err := mongodbatlas.NewOrganization(ctx, "this", &mongodbatlas.OrganizationArgs{
    			OrgOwnerId:  pulumi.String("<ORG_OWNER_ID>"),
    			Name:        pulumi.String("testCreateORG"),
    			Description: pulumi.String("test API key from Org Creation"),
    			RoleNames: pulumi.StringArray{
    				pulumi.String("ORG_OWNER"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Mongodbatlas = Pulumi.Mongodbatlas;
    
    // Creates the organization together with a Programmatic API Key: setting
    // Description and RoleNames selects the API-key path, and this page requires
    // ORG_OWNER among the roles in that case.
    // The generated public/private key pair is kept in state and reused by the
    // resource for later read/update/delete calls, so restrict access to state.
    return await Deployment.RunAsync(() => 
    {
        var @this = new Mongodbatlas.Organization("this", new()
        {
            // Atlas user who is assigned the Organization Owner role.
            OrgOwnerId = "<ORG_OWNER_ID>",
            Name = "testCreateORG",
            // API key description; can't be updated later.
            Description = "test API key from Org Creation",
            RoleNames = new[]
            {
                "ORG_OWNER",
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.mongodbatlas.Organization;
    import com.pulumi.mongodbatlas.OrganizationArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Example program that creates an Atlas organization together with a
     * Programmatic API Key. Setting description and roleNames selects the
     * API-key path, and this page requires ORG_OWNER among the roles in that case.
     * The generated public/private key pair is kept in state and reused by the
     * resource for later operations, so access to state should be restricted.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        /** Declares the resources of the stack: a single Organization. */
        public static void stack(Context ctx) {
            var this_ = new Organization("this", OrganizationArgs.builder()
                .orgOwnerId("<ORG_OWNER_ID>") // Atlas user who is assigned the Organization Owner role
                .name("testCreateORG")
                .description("test API key from Org Creation") // can't be updated later
                .roleNames("ORG_OWNER")
                .build());
    
        }
    }
    
    # Creates the organization together with a Programmatic API Key: setting
    # description and roleNames selects the API-key path, and this page requires
    # ORG_OWNER among the roles in that case.
    # The generated public/private key pair is kept in state and reused by the
    # resource for later read/update/delete calls, so restrict access to state.
    resources:
      this:
        type: mongodbatlas:Organization
        properties:
          orgOwnerId: <ORG_OWNER_ID> # Atlas user who is assigned the Organization Owner role
          name: testCreateORG
          description: test API key from Org Creation # can't be updated later
          roleNames:
            - ORG_OWNER
    

    Create Organization Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Organization(name: string, args?: OrganizationArgs, opts?: CustomResourceOptions);
    @overload
    def Organization(resource_name: str,
                     args: Optional[OrganizationArgs] = None,
                     opts: Optional[ResourceOptions] = None)
    
    @overload
    def Organization(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     api_access_list_required: Optional[bool] = None,
                     description: Optional[str] = None,
                     federation_settings_id: Optional[str] = None,
                     gen_ai_features_enabled: Optional[bool] = None,
                     multi_factor_auth_required: Optional[bool] = None,
                     name: Optional[str] = None,
                     org_owner_id: Optional[str] = None,
                     restrict_employee_access: Optional[bool] = None,
                     role_names: Optional[Sequence[str]] = None,
                     security_contact: Optional[str] = None,
                     service_account: Optional[OrganizationServiceAccountArgs] = None,
                     skip_default_alerts_settings: Optional[bool] = None)
    func NewOrganization(ctx *Context, name string, args *OrganizationArgs, opts ...ResourceOption) (*Organization, error)
    public Organization(string name, OrganizationArgs? args = null, CustomResourceOptions? opts = null)
    public Organization(String name, OrganizationArgs args)
    public Organization(String name, OrganizationArgs args, CustomResourceOptions options)
    
    type: mongodbatlas:Organization
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args OrganizationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args OrganizationArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args OrganizationArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args OrganizationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args OrganizationArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    // Reference listing only: every input is shown with a placeholder value.
    // Per this page, ServiceAccount is mutually exclusive with Description and
    // RoleNames (the API does not create both credential types in one request),
    // so a real program sets one group or the other, not both as shown here.
    // NOTE(review): ClientId, CreatedAt and Secrets look like values Atlas returns
    // after creation rather than user-supplied inputs; confirm before setting them.
    var organizationResource = new Mongodbatlas.Organization("organizationResource", new()
    {
        ApiAccessListRequired = false,
        Description = "string",
        FederationSettingsId = "string",
        GenAiFeaturesEnabled = false,
        MultiFactorAuthRequired = false,
        Name = "string",
        OrgOwnerId = "string",
        RestrictEmployeeAccess = false,
        RoleNames = new[]
        {
            "string",
        },
        SecurityContact = "string",
        ServiceAccount = new Mongodbatlas.Inputs.OrganizationServiceAccountArgs
        {
            Description = "string",
            Name = "string",
            Roles = new[]
            {
                "string",
            },
            SecretExpiresAfterHours = 0,
            ClientId = "string",
            CreatedAt = "string",
            Secrets = new[]
            {
                new Mongodbatlas.Inputs.OrganizationServiceAccountSecretArgs
                {
                    CreatedAt = "string",
                    ExpiresAt = "string",
                    Secret = "string",
                    SecretId = "string",
                },
            },
        },
        SkipDefaultAlertsSettings = false,
    });
    
    // Reference listing only: every input is shown with a placeholder value.
    // Per this page, ServiceAccount is mutually exclusive with Description and
    // RoleNames (the API does not create both credential types in one request),
    // so a real program sets one group or the other, not both as shown here.
    // NOTE(review): ClientId, CreatedAt and Secrets look like values Atlas returns
    // after creation rather than user-supplied inputs; confirm before setting them.
    example, err := mongodbatlas.NewOrganization(ctx, "organizationResource", &mongodbatlas.OrganizationArgs{
    	ApiAccessListRequired:   pulumi.Bool(false),
    	Description:             pulumi.String("string"),
    	FederationSettingsId:    pulumi.String("string"),
    	GenAiFeaturesEnabled:    pulumi.Bool(false),
    	MultiFactorAuthRequired: pulumi.Bool(false),
    	Name:                    pulumi.String("string"),
    	OrgOwnerId:              pulumi.String("string"),
    	RestrictEmployeeAccess:  pulumi.Bool(false),
    	RoleNames: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	SecurityContact: pulumi.String("string"),
    	ServiceAccount: &mongodbatlas.OrganizationServiceAccountArgs{
    		Description: pulumi.String("string"),
    		Name:        pulumi.String("string"),
    		Roles: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		SecretExpiresAfterHours: pulumi.Int(0),
    		ClientId:                pulumi.String("string"),
    		CreatedAt:               pulumi.String("string"),
    		Secrets: mongodbatlas.OrganizationServiceAccountSecretArray{
    			&mongodbatlas.OrganizationServiceAccountSecretArgs{
    				CreatedAt: pulumi.String("string"),
    				ExpiresAt: pulumi.String("string"),
    				Secret:    pulumi.String("string"),
    				SecretId:  pulumi.String("string"),
    			},
    		},
    	},
    	SkipDefaultAlertsSettings: pulumi.Bool(false),
    })
    
    // Reference listing only: every input is shown with a placeholder value.
    // Per this page, serviceAccount is mutually exclusive with description and
    // roleNames (the API does not create both credential types in one request),
    // so a real program sets one group or the other, not both as shown here.
    // NOTE(review): clientId, createdAt and secrets look like values Atlas returns
    // after creation rather than user-supplied inputs; confirm before setting them.
    var organizationResource = new Organization("organizationResource", OrganizationArgs.builder()
        .apiAccessListRequired(false)
        .description("string")
        .federationSettingsId("string")
        .genAiFeaturesEnabled(false)
        .multiFactorAuthRequired(false)
        .name("string")
        .orgOwnerId("string")
        .restrictEmployeeAccess(false)
        .roleNames("string")
        .securityContact("string")
        .serviceAccount(OrganizationServiceAccountArgs.builder()
            .description("string")
            .name("string")
            .roles("string")
            .secretExpiresAfterHours(0)
            .clientId("string")
            .createdAt("string")
            .secrets(OrganizationServiceAccountSecretArgs.builder()
                .createdAt("string")
                .expiresAt("string")
                .secret("string")
                .secretId("string")
                .build())
            .build())
        .skipDefaultAlertsSettings(false)
        .build());
    
    # Reference listing only: every input is shown with a placeholder value.
    # Per this page, service_account is mutually exclusive with description and
    # role_names (the API does not create both credential types in one request),
    # so a real program sets one group or the other, not both as shown here.
    # NOTE(review): client_id, created_at and secrets look like values Atlas returns
    # after creation rather than user-supplied inputs; confirm before setting them.
    organization_resource = mongodbatlas.Organization("organizationResource",
        api_access_list_required=False,
        description="string",
        federation_settings_id="string",
        gen_ai_features_enabled=False,
        multi_factor_auth_required=False,
        name="string",
        org_owner_id="string",
        restrict_employee_access=False,
        role_names=["string"],
        security_contact="string",
        service_account={
            "description": "string",
            "name": "string",
            "roles": ["string"],
            "secret_expires_after_hours": 0,
            "client_id": "string",
            "created_at": "string",
            "secrets": [{
                "created_at": "string",
                "expires_at": "string",
                "secret": "string",
                "secret_id": "string",
            }],
        },
        skip_default_alerts_settings=False)
    
    // Reference listing only: every input is shown with a placeholder value.
    // Per this page, serviceAccount is mutually exclusive with description and
    // roleNames (the API does not create both credential types in one request),
    // so a real program sets one group or the other, not both as shown here.
    // NOTE(review): clientId, createdAt and secrets look like values Atlas returns
    // after creation rather than user-supplied inputs; confirm before setting them.
    const organizationResource = new mongodbatlas.Organization("organizationResource", {
        apiAccessListRequired: false,
        description: "string",
        federationSettingsId: "string",
        genAiFeaturesEnabled: false,
        multiFactorAuthRequired: false,
        name: "string",
        orgOwnerId: "string",
        restrictEmployeeAccess: false,
        roleNames: ["string"],
        securityContact: "string",
        serviceAccount: {
            description: "string",
            name: "string",
            roles: ["string"],
            secretExpiresAfterHours: 0,
            clientId: "string",
            createdAt: "string",
            secrets: [{
                createdAt: "string",
                expiresAt: "string",
                secret: "string",
                secretId: "string",
            }],
        },
        skipDefaultAlertsSettings: false,
    });
    
    # Reference listing only: every input is shown with a placeholder value.
    # Per this page, serviceAccount is mutually exclusive with description and
    # roleNames (the API does not create both credential types in one request),
    # so a real program sets one group or the other, not both as shown here.
    # NOTE(review): clientId, createdAt and secrets look like values Atlas returns
    # after creation rather than user-supplied inputs; confirm before setting them.
    type: mongodbatlas:Organization
    properties:
        apiAccessListRequired: false
        description: string
        federationSettingsId: string
        genAiFeaturesEnabled: false
        multiFactorAuthRequired: false
        name: string
        orgOwnerId: string
        restrictEmployeeAccess: false
        roleNames:
            - string
        securityContact: string
        serviceAccount:
            clientId: string
            createdAt: string
            description: string
            name: string
            roles:
                - string
            secretExpiresAfterHours: 0
            secrets:
                - createdAt: string
                  expiresAt: string
                  secret: string
                  secretId: string
        skipDefaultAlertsSettings: false
    

    Organization Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Organization resource accepts the following input properties:

    ApiAccessListRequired bool
    Flag that indicates whether to require API operations to originate from an IP Address added to the API access list for the specified organization.
    Description string

    Programmatic API Key description. This attribute is required in creation and can't be updated later.

    NOTE: Creating an organization will return a set of credentials that are stored in the Terraform state and used by the mongodbatlas.Organization resource for subsequent operations (read, update, delete) on the new organization. The credentials stored depend on the authentication method used during creation:

    • Programmatic API Key: public_key and private_key are stored. These credentials do not expire.
    • Service Account: service_account.client_id and service_account.secrets.0.secret are stored. Service Account secrets expire after the configured secret_expires_after_hours period. When the secret expires, the resource automatically falls back to provider-level credentials for subsequent operations.
    • In case of importing the resource, no organization-specific credentials are stored and provider credentials are used instead.
    • Terraform state contains sensitive credential data. Follow Terraform's best practices for sensitive data in state.
    FederationSettingsId string
    Unique 24-hexadecimal digit string that identifies the federation to link the newly created organization to. If specified, the proposed Organization Owner of the new organization must have the Organization Owner role in an organization associated with the federation. This attribute can't be updated after creation.
    GenAiFeaturesEnabled bool
    Flag that indicates whether this organization has access to generative AI features. This setting only applies to Atlas Commercial and defaults to true. With this setting on, Project Owners may be able to enable or disable individual AI features at the project level. To learn more, see https://www.mongodb.com/docs/generative-ai-faq/.
    MultiFactorAuthRequired bool
    Flag that indicates whether to require users to set up Multi-Factor Authentication (MFA) before accessing the specified organization. To learn more, see: https://www.mongodb.com/docs/atlas/security-multi-factor-authentication/.
    Name string
    The name of the organization.
    OrgOwnerId string
    Unique 24-hexadecimal digit string that identifies the Atlas user to whom you want to assign the Organization Owner role. This user must be a member of the same organization as the calling API key. This is only required when authenticating with Programmatic API Keys. See MongoDB Atlas Admin API - Get User By Username. This attribute is required at creation and can't be updated later.
    RestrictEmployeeAccess bool
    Flag that indicates whether to block MongoDB Support from accessing Atlas infrastructure for any deployment in the specified organization without explicit permission. Once this setting is turned on, you can grant MongoDB Support a 24-hour bypass access to the Atlas deployment to resolve support issues. To learn more, see: https://www.mongodb.com/docs/atlas/security-restrict-support-access/.
    RoleNames List<string>
    List of Organization roles that the Programmatic API key needs to have. Ensure that you provide at least one role and ensure all roles are valid for the Organization. You must specify an array even if you are only associating a single role with the Programmatic API key. The MongoDB Documentation describes the roles that you can assign to a Programmatic API key. This attribute is required in creation and can't be updated later.
    SecurityContact string
    String that specifies a single email address for the specified organization to receive security-related notifications. Specifying a security contact does not grant them authorization or access to Atlas for security decisions or approvals.
    ServiceAccount OrganizationServiceAccount
    Block to create a Service Account instead of a Programmatic API Key when creating the organization. The API does not allow creating both in the same request. Mutually exclusive with description and role_names. This block can't be updated after creation. See Service Account.
    SkipDefaultAlertsSettings bool

    Flag that indicates whether to prevent Atlas from automatically creating organization-level alerts not explicitly managed through Terraform. Defaults to true.

    NOTE:
    • If you create an organization with our Terraform provider version >=1.30.0, this field is set to true by default.
    • If you have an existing organization created with our Terraform provider version <1.30.0, this field might be false, which is the API default value. To prevent the creation of future default alerts, set this explicitly to true.

    ApiAccessListRequired bool
    Flag that indicates whether to require API operations to originate from an IP Address added to the API access list for the specified organization.
    Description string

    Programmatic API Key description. This attribute is required in creation and can't be updated later.

    NOTE: Creating an organization will return a set of credentials that are stored in the Terraform state and used by the mongodbatlas.Organization resource for subsequent operations (read, update, delete) on the new organization. The credentials stored depend on the authentication method used during creation:

    • Programmatic API Key: public_key and private_key are stored. These credentials do not expire.
    • Service Account: service_account.client_id and service_account.secrets.0.secret are stored. Service Account secrets expire after the configured secret_expires_after_hours period. When the secret expires, the resource automatically falls back to provider-level credentials for subsequent operations.
    • In case of importing the resource, no organization-specific credentials are stored and provider credentials are used instead.
    • Terraform state contains sensitive credential data. Follow Terraform's best practices for sensitive data in state.
    FederationSettingsId string
    Unique 24-hexadecimal digit string that identifies the federation to link the newly created organization to. If specified, the proposed Organization Owner of the new organization must have the Organization Owner role in an organization associated with the federation. This attribute can't be updated after creation.
    GenAiFeaturesEnabled bool
    Flag that indicates whether this organization has access to generative AI features. This setting only applies to Atlas Commercial and defaults to true. With this setting on, Project Owners may be able to enable or disable individual AI features at the project level. To learn more, see https://www.mongodb.com/docs/generative-ai-faq/.
    MultiFactorAuthRequired bool
    Flag that indicates whether to require users to set up Multi-Factor Authentication (MFA) before accessing the specified organization. To learn more, see: https://www.mongodb.com/docs/atlas/security-multi-factor-authentication/.
    Name string
    The name of the organization.
    OrgOwnerId string
    Unique 24-hexadecimal digit string that identifies the Atlas user to whom you want to assign the Organization Owner role. This user must be a member of the same organization as the calling API key. This is only required when authenticating with Programmatic API Keys. See MongoDB Atlas Admin API - Get User By Username. This attribute is required at creation and can't be updated later.
    RestrictEmployeeAccess bool
    Flag that indicates whether to block MongoDB Support from accessing Atlas infrastructure for any deployment in the specified organization without explicit permission. Once this setting is turned on, you can grant MongoDB Support a 24-hour bypass access to the Atlas deployment to resolve support issues. To learn more, see: https://www.mongodb.com/docs/atlas/security-restrict-support-access/.
    RoleNames []string
    List of Organization roles that the Programmatic API key needs to have. Ensure that you provide at least one role and ensure all roles are valid for the Organization. You must specify an array even if you are only associating a single role with the Programmatic API key. The MongoDB Documentation describes the roles that you can assign to a Programmatic API key. This attribute is required in creation and can't be updated later.
    SecurityContact string
    String that specifies a single email address for the specified organization to receive security-related notifications. Specifying a security contact does not grant them authorization or access to Atlas for security decisions or approvals.
    ServiceAccount OrganizationServiceAccountArgs
    Block to create a Service Account instead of a Programmatic API Key when creating the organization. The API does not allow creating both in the same request. Mutually exclusive with description and role_names. This block can't be updated after creation. See Service Account.
    SkipDefaultAlertsSettings bool

    Flag that indicates whether to prevent Atlas from automatically creating organization-level alerts not explicitly managed through Terraform. Defaults to true.

    NOTE:
    • If you create an organization with our Terraform provider version >=1.30.0, this field is set to true by default.
    • If you have an existing organization created with our Terraform provider version <1.30.0, this field might be false, which is the API default value. To prevent the creation of future default alerts, set this explicitly to true.

    apiAccessListRequired Boolean
    Flag that indicates whether to require API operations to originate from an IP Address added to the API access list for the specified organization.
    description String

    Programmatic API Key description. This attribute is required in creation and can't be updated later.

    NOTE: Creating an organization will return a set of credentials that are stored in the Terraform state and used by the mongodbatlas.Organization resource for subsequent operations (read, update, delete) on the new organization. The credentials stored depend on the authentication method used during creation:

    • Programmatic API Key: public_key and private_key are stored. These credentials do not expire.
    • Service Account: service_account.client_id and service_account.secrets.0.secret are stored. Service Account secrets expire after the configured secret_expires_after_hours period. When the secret expires, the resource automatically falls back to provider-level credentials for subsequent operations.
    • In case of importing the resource, no organization-specific credentials are stored and provider credentials are used instead.
    • Terraform state contains sensitive credential data. Follow Terraform's best practices for sensitive data in state.
    federationSettingsId String
    Unique 24-hexadecimal digit string that identifies the federation to link the newly created organization to. If specified, the proposed Organization Owner of the new organization must have the Organization Owner role in an organization associated with the federation. This attribute can't be updated after creation.
    genAiFeaturesEnabled Boolean
    Flag that indicates whether this organization has access to generative AI features. This setting only applies to Atlas Commercial and defaults to true. With this setting on, Project Owners may be able to enable or disable individual AI features at the project level. To learn more, see https://www.mongodb.com/docs/generative-ai-faq/.
    multiFactorAuthRequired Boolean
    Flag that indicates whether to require users to set up Multi-Factor Authentication (MFA) before accessing the specified organization. To learn more, see: https://www.mongodb.com/docs/atlas/security-multi-factor-authentication/.
    name String
    The name of the organization.
    orgOwnerId String
    Unique 24-hexadecimal digit string that identifies the Atlas user to whom you want to assign the Organization Owner role. This user must be a member of the same organization as the calling API key. This is only required when authenticating with Programmatic API Keys. See MongoDB Atlas Admin API - Get User By Username. This attribute is required at creation and can't be updated later.
    restrictEmployeeAccess Boolean
    Flag that indicates whether to block MongoDB Support from accessing Atlas infrastructure for any deployment in the specified organization without explicit permission. Once this setting is turned on, you can grant MongoDB Support a 24-hour bypass access to the Atlas deployment to resolve support issues. To learn more, see: https://www.mongodb.com/docs/atlas/security-restrict-support-access/.
    roleNames List<String>
    List of Organization roles that the Programmatic API key needs to have. Ensure that you provide at least one role and ensure all roles are valid for the Organization. You must specify an array even if you are only associating a single role with the Programmatic API key. The MongoDB Documentation describes the roles that you can assign to a Programmatic API key. This attribute is required in creation and can't be updated later.
    securityContact String
    String that specifies a single email address for the specified organization to receive security-related notifications. Specifying a security contact does not grant them authorization or access to Atlas for security decisions or approvals.
    serviceAccount OrganizationServiceAccount
    Block to create a Service Account instead of a Programmatic API Key when creating the organization. The API does not allow creating both in the same request. Mutually exclusive with description and role_names. This block can't be updated after creation. See Service Account.
    skipDefaultAlertsSettings Boolean

    Flag that indicates whether to prevent Atlas from automatically creating organization-level alerts not explicitly managed through Terraform. Defaults to true.

    NOTE:
    • If you create an organization with our Terraform provider version >=1.30.0, this field is set to true by default.
    • If you have an existing organization created with our Terraform provider version <1.30.0, this field might be false, which is the API default value. To prevent the creation of future default alerts, set this explicitly to true.

    apiAccessListRequired boolean
    Flag that indicates whether to require API operations to originate from an IP Address added to the API access list for the specified organization.
    description string

    Programmatic API Key description. This attribute is required in creation and can't be updated later.

    NOTE: Creating an organization will return a set of credentials that are stored in the Terraform state and used by the mongodbatlas.Organization resource for subsequent operations (read, update, delete) on the new organization. The credentials stored depend on the authentication method used during creation:

    • Programmatic API Key: public_key and private_key are stored. These credentials do not expire.
    • Service Account: service_account.client_id and service_account.secrets.0.secret are stored. Service Account secrets expire after the configured secret_expires_after_hours period. When the secret expires, the resource automatically falls back to provider-level credentials for subsequent operations.
    • In case of importing the resource, no organization-specific credentials are stored and provider credentials are used instead.
    • Terraform state contains sensitive credential data. Follow Terraform's best practices for sensitive data in state.
    federationSettingsId string
    Unique 24-hexadecimal digit string that identifies the federation to link the newly created organization to. If specified, the proposed Organization Owner of the new organization must have the Organization Owner role in an organization associated with the federation. This attribute can't be updated after creation.
    genAiFeaturesEnabled boolean
    Flag that indicates whether this organization has access to generative AI features. This setting only applies to Atlas Commercial and defaults to true. With this setting on, Project Owners may be able to enable or disable individual AI features at the project level. To learn more, see https://www.mongodb.com/docs/generative-ai-faq/.
    multiFactorAuthRequired boolean
    Flag that indicates whether to require users to set up Multi-Factor Authentication (MFA) before accessing the specified organization. To learn more, see: https://www.mongodb.com/docs/atlas/security-multi-factor-authentication/.
    name string
    The name of the organization.
    orgOwnerId string
    Unique 24-hexadecimal digit string that identifies the Atlas user to whom you want to assign the Organization Owner role. This user must be a member of the same organization as the calling API key. This is only required when authenticating with Programmatic API Keys. See MongoDB Atlas Admin API - Get User By Username. This attribute is required at creation and can't be updated later.
    restrictEmployeeAccess boolean
    Flag that indicates whether to block MongoDB Support from accessing Atlas infrastructure for any deployment in the specified organization without explicit permission. Once this setting is turned on, you can grant MongoDB Support a 24-hour bypass access to the Atlas deployment to resolve support issues. To learn more, see: https://www.mongodb.com/docs/atlas/security-restrict-support-access/.
    roleNames string[]
    List of Organization roles that the Programmatic API key needs to have. Ensure that you provide at least one role and ensure all roles are valid for the Organization. You must specify an array even if you are only associating a single role with the Programmatic API key. The MongoDB Documentation describes the roles that you can assign to a Programmatic API key. This attribute is required in creation and can't be updated later.
    securityContact string
    String that specifies a single email address for the specified organization to receive security-related notifications. Specifying a security contact does not grant them authorization or access to Atlas for security decisions or approvals.
    serviceAccount OrganizationServiceAccount
    Block to create a Service Account instead of a Programmatic API Key when creating the organization. The API does not allow creating both in the same request. Mutually exclusive with description and role_names. This block can't be updated after creation. See Service Account.
    skipDefaultAlertsSettings boolean

    Flag that indicates whether to prevent Atlas from automatically creating organization-level alerts not explicitly managed through Terraform. Defaults to true.

    NOTE:
    • If you create an organization with our Terraform provider version >=1.30.0, this field is set to true by default.
    • If you have an existing organization created with our Terraform provider version <1.30.0, this field might be false, which is the API default value. To prevent the creation of future default alerts, set this explicitly to true.

    api_access_list_required bool
    Flag that indicates whether to require API operations to originate from an IP Address added to the API access list for the specified organization.
    description str

    Programmatic API Key description. This attribute is required in creation and can't be updated later.

    NOTE: Creating an organization will return a set of credentials that are stored in the Terraform state and used by the mongodbatlas.Organization resource for subsequent operations (read, update, delete) on the new organization. The credentials stored depend on the authentication method used during creation:

    • Programmatic API Key: public_key and private_key are stored. These credentials do not expire.
    • Service Account: service_account.client_id and service_account.secrets.0.secret are stored. Service Account secrets expire after the configured secret_expires_after_hours period. When the secret expires, the resource automatically falls back to provider-level credentials for subsequent operations.
    • In case of importing the resource, no organization-specific credentials are stored and provider credentials are used instead.
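    • The state contains sensitive credential data; when this resource is used from a Pulumi program, that means the Pulumi stack state. Restrict who can read the state backend, and follow Terraform's best practices for sensitive data in state.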
    federation_settings_id str
    Unique 24-hexadecimal digit string that identifies the federation to link the newly created organization to. If specified, the proposed Organization Owner of the new organization must have the Organization Owner role in an organization associated with the federation. This attribute can't be updated after creation.
    gen_ai_features_enabled bool
    Flag that indicates whether this organization has access to generative AI features. This setting only applies to Atlas Commercial and defaults to true. With this setting on, Project Owners may be able to enable or disable individual AI features at the project level. To learn more, see https://www.mongodb.com/docs/generative-ai-faq/.
    multi_factor_auth_required bool
    Flag that indicates whether to require users to set up Multi-Factor Authentication (MFA) before accessing the specified organization. To learn more, see: https://www.mongodb.com/docs/atlas/security-multi-factor-authentication/.
    name str
    The name of the organization.
    org_owner_id str
    Unique 24-hexadecimal digit string that identifies the Atlas user to whom you want to assign the Organization Owner role. This user must be a member of the same organization as the calling API key. This is only required when authenticating with Programmatic API Keys. See: MongoDB Atlas Admin API - Get User By Username. This attribute is required in creation and can't be updated later.
    restrict_employee_access bool
    Flag that indicates whether to block MongoDB Support from accessing Atlas infrastructure for any deployment in the specified organization without explicit permission. Once this setting is turned on, you can grant MongoDB Support a 24-hour bypass access to the Atlas deployment to resolve support issues. To learn more, see: https://www.mongodb.com/docs/atlas/security-restrict-support-access/.
    role_names Sequence[str]
    List of Organization roles that the Programmatic API key needs to have. Ensure that you provide at least one role and ensure all roles are valid for the Organization. You must specify an array even if you are only associating a single role with the Programmatic API key. The MongoDB Documentation describes the roles that you can assign to a Programmatic API key. This attribute is required in creation and can't be updated later.
    security_contact str
    String that specifies a single email address for the specified organization to receive security-related notifications. Specifying a security contact does not grant them authorization or access to Atlas for security decisions or approvals.
    service_account OrganizationServiceAccountArgs
    Block to create a Service Account instead of a Programmatic API Key when creating the organization. The API does not allow creating both in the same request. Mutually exclusive with description and role_names. This block can't be updated after creation. See Service Account.
    skip_default_alerts_settings bool

    Flag that indicates whether to prevent Atlas from automatically creating organization-level alerts not explicitly managed through Terraform. Defaults to true.

    NOTE:
    • If you create an organization with our Terraform provider version >=1.30.0, this field is set to true by default.
    • If you have an existing organization created with our Terraform provider version <1.30.0, this field might be false, which is the API default value. To prevent the creation of future default alerts, set this explicitly to true.

    apiAccessListRequired Boolean
    Flag that indicates whether to require API operations to originate from an IP Address added to the API access list for the specified organization.
    description String

    Programmatic API Key description. This attribute is required in creation and can't be updated later.

    NOTE: Creating an organization will return a set of credentials that are stored in the Terraform state and used by the mongodbatlas.Organization resource for subsequent operations (read, update, delete) on the new organization. The credentials stored depend on the authentication method used during creation:

    • Programmatic API Key: public_key and private_key are stored. These credentials do not expire.
    • Service Account: service_account.client_id and service_account.secrets.0.secret are stored. Service Account secrets expire after the configured secret_expires_after_hours period. When the secret expires, the resource automatically falls back to provider-level credentials for subsequent operations.
    • In case of importing the resource, no organization-specific credentials are stored and provider credentials are used instead.
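    • The state contains sensitive credential data; when this resource is used from a Pulumi program, that means the Pulumi stack state. Restrict who can read the state backend, and follow Terraform's best practices for sensitive data in state.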
    federationSettingsId String
    Unique 24-hexadecimal digit string that identifies the federation to link the newly created organization to. If specified, the proposed Organization Owner of the new organization must have the Organization Owner role in an organization associated with the federation. This attribute can't be updated after creation.
    genAiFeaturesEnabled Boolean
    Flag that indicates whether this organization has access to generative AI features. This setting only applies to Atlas Commercial and defaults to true. With this setting on, Project Owners may be able to enable or disable individual AI features at the project level. To learn more, see https://www.mongodb.com/docs/generative-ai-faq/.
    multiFactorAuthRequired Boolean
    Flag that indicates whether to require users to set up Multi-Factor Authentication (MFA) before accessing the specified organization. To learn more, see: https://www.mongodb.com/docs/atlas/security-multi-factor-authentication/.
    name String
    The name of the organization.
    orgOwnerId String
    Unique 24-hexadecimal digit string that identifies the Atlas user to whom you want to assign the Organization Owner role. This user must be a member of the same organization as the calling API key. This is only required when authenticating with Programmatic API Keys. See: MongoDB Atlas Admin API - Get User By Username. This attribute is required in creation and can't be updated later.
    restrictEmployeeAccess Boolean
    Flag that indicates whether to block MongoDB Support from accessing Atlas infrastructure for any deployment in the specified organization without explicit permission. Once this setting is turned on, you can grant MongoDB Support a 24-hour bypass access to the Atlas deployment to resolve support issues. To learn more, see: https://www.mongodb.com/docs/atlas/security-restrict-support-access/.
    roleNames List<String>
    List of Organization roles that the Programmatic API key needs to have. Ensure that you provide at least one role and ensure all roles are valid for the Organization. You must specify an array even if you are only associating a single role with the Programmatic API key. The MongoDB Documentation describes the roles that you can assign to a Programmatic API key. This attribute is required in creation and can't be updated later.
    securityContact String
    String that specifies a single email address for the specified organization to receive security-related notifications. Specifying a security contact does not grant them authorization or access to Atlas for security decisions or approvals.
    serviceAccount Property Map
    Block to create a Service Account instead of a Programmatic API Key when creating the organization. The API does not allow creating both in the same request. Mutually exclusive with description and role_names. This block can't be updated after creation. See Service Account.
    skipDefaultAlertsSettings Boolean

    Flag that indicates whether to prevent Atlas from automatically creating organization-level alerts not explicitly managed through Terraform. Defaults to true.

    NOTE:
    • If you create an organization with our Terraform provider version >=1.30.0, this field is set to true by default.
    • If you have an existing organization created with our Terraform provider version <1.30.0, this field might be false, which is the API default value. To prevent the creation of future default alerts, set this explicitly to true.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Organization resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    OrgId string
    The organization id.
    PrivateKey string
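    Private key returned for this organization API key. This key is displayed unredacted when it is first created and is stored in the Terraform state file, where the resource reads it for subsequent operations. Treat the state as a secret: the key does not expire and carries the organization roles set in role_names. Only populated when no service_account block is defined.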
    PublicKey string
    Public API key value set for the specified organization API key. Stored in the Terraform state and used for subsequent resource operations. Only populated when no service_account block is defined.
    Id string
    The provider-assigned unique ID for this managed resource.
    OrgId string
    The organization id.
    PrivateKey string
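    Private key returned for this organization API key. This key is displayed unredacted when it is first created and is stored in the Terraform state file, where the resource reads it for subsequent operations. Treat the state as a secret: the key does not expire and carries the organization roles set in role_names. Only populated when no service_account block is defined.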
    PublicKey string
    Public API key value set for the specified organization API key. Stored in the Terraform state and used for subsequent resource operations. Only populated when no service_account block is defined.
    id String
    The provider-assigned unique ID for this managed resource.
    orgId String
    The organization id.
    privateKey String
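    Private key returned for this organization API key. This key is displayed unredacted when it is first created and is stored in the Terraform state file, where the resource reads it for subsequent operations. Treat the state as a secret: the key does not expire and carries the organization roles set in role_names. Only populated when no service_account block is defined.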
    publicKey String
    Public API key value set for the specified organization API key. Stored in the Terraform state and used for subsequent resource operations. Only populated when no service_account block is defined.
    id string
    The provider-assigned unique ID for this managed resource.
    orgId string
    The organization id.
    privateKey string
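    Private key returned for this organization API key. This key is displayed unredacted when it is first created and is stored in the Terraform state file, where the resource reads it for subsequent operations. Treat the state as a secret: the key does not expire and carries the organization roles set in role_names. Only populated when no service_account block is defined.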
    publicKey string
    Public API key value set for the specified organization API key. Stored in the Terraform state and used for subsequent resource operations. Only populated when no service_account block is defined.
    id str
    The provider-assigned unique ID for this managed resource.
    org_id str
    The organization id.
    private_key str
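    Private key returned for this organization API key. This key is displayed unredacted when it is first created and is stored in the Terraform state file, where the resource reads it for subsequent operations. Treat the state as a secret: the key does not expire and carries the organization roles set in role_names. Only populated when no service_account block is defined.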
    public_key str
    Public API key value set for the specified organization API key. Stored in the Terraform state and used for subsequent resource operations. Only populated when no service_account block is defined.
    id String
    The provider-assigned unique ID for this managed resource.
    orgId String
    The organization id.
    privateKey String
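    Private key returned for this organization API key. This key is displayed unredacted when it is first created and is stored in the Terraform state file, where the resource reads it for subsequent operations. Treat the state as a secret: the key does not expire and carries the organization roles set in role_names. Only populated when no service_account block is defined.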
    publicKey String
    Public API key value set for the specified organization API key. Stored in the Terraform state and used for subsequent resource operations. Only populated when no service_account block is defined.

    Look up Existing Organization Resource

    Get an existing Organization resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: OrganizationState, opts?: CustomResourceOptions): Organization
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            api_access_list_required: Optional[bool] = None,
            description: Optional[str] = None,
            federation_settings_id: Optional[str] = None,
            gen_ai_features_enabled: Optional[bool] = None,
            multi_factor_auth_required: Optional[bool] = None,
            name: Optional[str] = None,
            org_id: Optional[str] = None,
            org_owner_id: Optional[str] = None,
            private_key: Optional[str] = None,
            public_key: Optional[str] = None,
            restrict_employee_access: Optional[bool] = None,
            role_names: Optional[Sequence[str]] = None,
            security_contact: Optional[str] = None,
            service_account: Optional[OrganizationServiceAccountArgs] = None,
            skip_default_alerts_settings: Optional[bool] = None) -> Organization
    func GetOrganization(ctx *Context, name string, id IDInput, state *OrganizationState, opts ...ResourceOption) (*Organization, error)
    public static Organization Get(string name, Input<string> id, OrganizationState? state, CustomResourceOptions? opts = null)
    public static Organization get(String name, Output<String> id, OrganizationState state, CustomResourceOptions options)
    resources:  _:    type: mongodbatlas:Organization    get:      id: ${id}
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    ApiAccessListRequired bool
    Flag that indicates whether to require API operations to originate from an IP Address added to the API access list for the specified organization.
    Description string

    Programmatic API Key description. This attribute is required in creation and can't be updated later.

    NOTE: Creating an organization will return a set of credentials that are stored in the Terraform state and used by the mongodbatlas.Organization resource for subsequent operations (read, update, delete) on the new organization. The credentials stored depend on the authentication method used during creation:

    • Programmatic API Key: public_key and private_key are stored. These credentials do not expire.
    • Service Account: service_account.client_id and service_account.secrets.0.secret are stored. Service Account secrets expire after the configured secret_expires_after_hours period. When the secret expires, the resource automatically falls back to provider-level credentials for subsequent operations.
    • In case of importing the resource, no organization-specific credentials are stored and provider credentials are used instead.
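    • The state contains sensitive credential data; when this resource is used from a Pulumi program, that means the Pulumi stack state. Restrict who can read the state backend, and follow Terraform's best practices for sensitive data in state.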
    FederationSettingsId string
    Unique 24-hexadecimal digit string that identifies the federation to link the newly created organization to. If specified, the proposed Organization Owner of the new organization must have the Organization Owner role in an organization associated with the federation. This attribute can't be updated after creation.
    GenAiFeaturesEnabled bool
    Flag that indicates whether this organization has access to generative AI features. This setting only applies to Atlas Commercial and defaults to true. With this setting on, Project Owners may be able to enable or disable individual AI features at the project level. To learn more, see https://www.mongodb.com/docs/generative-ai-faq/.
    MultiFactorAuthRequired bool
    Flag that indicates whether to require users to set up Multi-Factor Authentication (MFA) before accessing the specified organization. To learn more, see: https://www.mongodb.com/docs/atlas/security-multi-factor-authentication/.
    Name string
    The name of the organization.
    OrgId string
    The organization id.
    OrgOwnerId string
    Unique 24-hexadecimal digit string that identifies the Atlas user to whom you want to assign the Organization Owner role. This user must be a member of the same organization as the calling API key. This is only required when authenticating with Programmatic API Keys. See: MongoDB Atlas Admin API - Get User By Username. This attribute is required in creation and can't be updated later.
    PrivateKey string
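    Private key returned for this organization API key. This key is displayed unredacted when it is first created and is stored in the Terraform state file, where the resource reads it for subsequent operations. Treat the state as a secret: the key does not expire and carries the organization roles set in role_names. Only populated when no service_account block is defined.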
    PublicKey string
    Public API key value set for the specified organization API key. Stored in the Terraform state and used for subsequent resource operations. Only populated when no service_account block is defined.
    RestrictEmployeeAccess bool
    Flag that indicates whether to block MongoDB Support from accessing Atlas infrastructure for any deployment in the specified organization without explicit permission. Once this setting is turned on, you can grant MongoDB Support a 24-hour bypass access to the Atlas deployment to resolve support issues. To learn more, see: https://www.mongodb.com/docs/atlas/security-restrict-support-access/.
    RoleNames List<string>
    List of Organization roles that the Programmatic API key needs to have. Ensure that you provide at least one role and ensure all roles are valid for the Organization. You must specify an array even if you are only associating a single role with the Programmatic API key. The MongoDB Documentation describes the roles that you can assign to a Programmatic API key. This attribute is required in creation and can't be updated later.
    SecurityContact string
    String that specifies a single email address for the specified organization to receive security-related notifications. Specifying a security contact does not grant them authorization or access to Atlas for security decisions or approvals.
    ServiceAccount OrganizationServiceAccount
    Block to create a Service Account instead of a Programmatic API Key when creating the organization. The API does not allow creating both in the same request. Mutually exclusive with description and role_names. This block can't be updated after creation. See Service Account.
    SkipDefaultAlertsSettings bool

    Flag that indicates whether to prevent Atlas from automatically creating organization-level alerts not explicitly managed through Terraform. Defaults to true.

    NOTE:
    • If you create an organization with our Terraform provider version >=1.30.0, this field is set to true by default.
    • If you have an existing organization created with our Terraform provider version <1.30.0, this field might be false, which is the API default value. To prevent the creation of future default alerts, set this explicitly to true.

    ApiAccessListRequired bool
    Flag that indicates whether to require API operations to originate from an IP Address added to the API access list for the specified organization.
    Description string

    Programmatic API Key description. This attribute is required in creation and can't be updated later.

    NOTE: Creating an organization will return a set of credentials that are stored in the Terraform state and used by the mongodbatlas.Organization resource for subsequent operations (read, update, delete) on the new organization. The credentials stored depend on the authentication method used during creation:

    • Programmatic API Key: public_key and private_key are stored. These credentials do not expire.
    • Service Account: service_account.client_id and service_account.secrets.0.secret are stored. Service Account secrets expire after the configured secret_expires_after_hours period. When the secret expires, the resource automatically falls back to provider-level credentials for subsequent operations.
    • In case of importing the resource, no organization-specific credentials are stored and provider credentials are used instead.
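    • The state contains sensitive credential data; when this resource is used from a Pulumi program, that means the Pulumi stack state. Restrict who can read the state backend, and follow Terraform's best practices for sensitive data in state.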
    FederationSettingsId string
    Unique 24-hexadecimal digit string that identifies the federation to link the newly created organization to. If specified, the proposed Organization Owner of the new organization must have the Organization Owner role in an organization associated with the federation. This attribute can't be updated after creation.
    GenAiFeaturesEnabled bool
    Flag that indicates whether this organization has access to generative AI features. This setting only applies to Atlas Commercial and defaults to true. With this setting on, Project Owners may be able to enable or disable individual AI features at the project level. To learn more, see https://www.mongodb.com/docs/generative-ai-faq/.
    MultiFactorAuthRequired bool
    Flag that indicates whether to require users to set up Multi-Factor Authentication (MFA) before accessing the specified organization. To learn more, see: https://www.mongodb.com/docs/atlas/security-multi-factor-authentication/.
    Name string
    The name of the organization.
    OrgId string
    The organization id.
    OrgOwnerId string
    Unique 24-hexadecimal digit string that identifies the Atlas user to whom you want to assign the Organization Owner role. This user must be a member of the same organization as the calling API key. This is only required when authenticating with Programmatic API Keys. See: MongoDB Atlas Admin API - Get User By Username. This attribute is required in creation and can't be updated later.
    PrivateKey string
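    Private key returned for this organization API key. This key is displayed unredacted when it is first created and is stored in the Terraform state file, where the resource reads it for subsequent operations. Treat the state as a secret: the key does not expire and carries the organization roles set in role_names. Only populated when no service_account block is defined.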
    PublicKey string
    Public API key value set for the specified organization API key. Stored in the Terraform state and used for subsequent resource operations. Only populated when no service_account block is defined.
    RestrictEmployeeAccess bool
    Flag that indicates whether to block MongoDB Support from accessing Atlas infrastructure for any deployment in the specified organization without explicit permission. Once this setting is turned on, you can grant MongoDB Support a 24-hour bypass access to the Atlas deployment to resolve support issues. To learn more, see: https://www.mongodb.com/docs/atlas/security-restrict-support-access/.
    RoleNames []string
    List of Organization roles that the Programmatic API key needs to have. Ensure that you provide at least one role and ensure all roles are valid for the Organization. You must specify an array even if you are only associating a single role with the Programmatic API key. The MongoDB Documentation describes the roles that you can assign to a Programmatic API key. This attribute is required in creation and can't be updated later.
    SecurityContact string
    String that specifies a single email address for the specified organization to receive security-related notifications. Specifying a security contact does not grant them authorization or access to Atlas for security decisions or approvals.
    ServiceAccount OrganizationServiceAccountArgs
    Block to create a Service Account instead of a Programmatic API Key when creating the organization. The API does not allow creating both in the same request. Mutually exclusive with description and role_names. This block can't be updated after creation. See Service Account.
    SkipDefaultAlertsSettings bool

    Flag that indicates whether to prevent Atlas from automatically creating organization-level alerts not explicitly managed through Terraform. Defaults to true.

    NOTE:
    • If you create an organization with our Terraform provider version >=1.30.0, this field is set to true by default.
    • If you have an existing organization created with our Terraform provider version <1.30.0, this field might be false, which is the API default value. To prevent the creation of future default alerts, set this explicitly to true.

    apiAccessListRequired Boolean
    Flag that indicates whether to require API operations to originate from an IP Address added to the API access list for the specified organization.
    description String

    Programmatic API Key description. This attribute is required in creation and can't be updated later.

    NOTE: Creating an organization will return a set of credentials that are stored in the Terraform state and used by the mongodbatlas.Organization resource for subsequent operations (read, update, delete) on the new organization. The credentials stored depend on the authentication method used during creation:

    • Programmatic API Key: public_key and private_key are stored. These credentials do not expire.
    • Service Account: service_account.client_id and service_account.secrets.0.secret are stored. Service Account secrets expire after the configured secret_expires_after_hours period. When the secret expires, the resource automatically falls back to provider-level credentials for subsequent operations.
    • In case of importing the resource, no organization-specific credentials are stored and provider credentials are used instead.
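    • The state contains sensitive credential data; when this resource is used from a Pulumi program, that means the Pulumi stack state. Restrict who can read the state backend, and follow Terraform's best practices for sensitive data in state.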
    federationSettingsId String
    Unique 24-hexadecimal digit string that identifies the federation to link the newly created organization to. If specified, the proposed Organization Owner of the new organization must have the Organization Owner role in an organization associated with the federation. This attribute can't be updated after creation.
    genAiFeaturesEnabled Boolean
    Flag that indicates whether this organization has access to generative AI features. This setting only applies to Atlas Commercial and defaults to true. With this setting on, Project Owners may be able to enable or disable individual AI features at the project level. To learn more, see https://www.mongodb.com/docs/generative-ai-faq/.
    multiFactorAuthRequired Boolean
    Flag that indicates whether to require users to set up Multi-Factor Authentication (MFA) before accessing the specified organization. To learn more, see: https://www.mongodb.com/docs/atlas/security-multi-factor-authentication/.
    name String
    The name of the organization.
    orgId String
    The organization id.
    orgOwnerId String
    Unique 24-hexadecimal digit string that identifies the Atlas user to whom you want to assign the Organization Owner role. This user must be a member of the same organization as the calling API key. This is only required when authenticating with Programmatic API Keys. See: MongoDB Atlas Admin API - Get User By Username. This attribute is required in creation and can't be updated later.
    privateKey String
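    Private key returned for this organization API key. This key is displayed unredacted when it is first created and is stored in the Terraform state file, where the resource reads it for subsequent operations. Treat the state as a secret: the key does not expire and carries the organization roles set in role_names. Only populated when no service_account block is defined.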
    publicKey String
    Public API key value set for the specified organization API key. Stored in the Terraform state and used for subsequent resource operations. Only populated when no service_account block is defined.
    restrictEmployeeAccess Boolean
    Flag that indicates whether to block MongoDB Support from accessing Atlas infrastructure for any deployment in the specified organization without explicit permission. Once this setting is turned on, you can grant MongoDB Support a 24-hour bypass access to the Atlas deployment to resolve support issues. To learn more, see: https://www.mongodb.com/docs/atlas/security-restrict-support-access/.
    roleNames List<String>
    List of Organization roles that the Programmatic API key needs to have. Ensure that you provide at least one role and ensure all roles are valid for the Organization. You must specify an array even if you are only associating a single role with the Programmatic API key. The MongoDB Documentation describes the roles that you can assign to a Programmatic API key. This attribute is required in creation and can't be updated later.
    securityContact String
    String that specifies a single email address for the specified organization to receive security-related notifications. Specifying a security contact does not grant them authorization or access to Atlas for security decisions or approvals.
    serviceAccount OrganizationServiceAccount
    Block to create a Service Account instead of a Programmatic API Key when creating the organization. The API does not allow creating both in the same request. Mutually exclusive with description and role_names. This block can't be updated after creation. See Service Account.
    skipDefaultAlertsSettings Boolean

    Flag that indicates whether to prevent Atlas from automatically creating organization-level alerts not explicitly managed through Terraform. Defaults to true.

    NOTE:
    • If you create an organization with our Terraform provider version >=1.30.0, this field is set to true by default.
    • If you have an existing organization created with our Terraform provider version <1.30.0, this field might be false, which is the API default value. To prevent the creation of future default alerts, set this explicitly to true.

    apiAccessListRequired boolean
    Flag that indicates whether to require API operations to originate from an IP Address added to the API access list for the specified organization.
    description string

    Programmatic API Key description. This attribute is required in creation and can't be updated later.

    NOTE: Creating an organization will return a set of credentials that are stored in the Terraform state and used by the mongodbatlas.Organization resource for subsequent operations (read, update, delete) on the new organization. The credentials stored depend on the authentication method used during creation:

    • Programmatic API Key: public_key and private_key are stored. These credentials do not expire.
    • Service Account: service_account.client_id and service_account.secrets.0.secret are stored. Service Account secrets expire after the configured secret_expires_after_hours period. When the secret expires, the resource automatically falls back to provider-level credentials for subsequent operations.
    • In case of importing the resource, no organization-specific credentials are stored and provider credentials are used instead.
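    • Terraform state contains sensitive credential data. Follow Terraform's best practices for sensitive data in state. In a Pulumi program these values are recorded in the stack's state instead, so apply the same protections to the state backend and to who can access it.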
    federationSettingsId string
    Unique 24-hexadecimal digit string that identifies the federation to link the newly created organization to. If specified, the proposed Organization Owner of the new organization must have the Organization Owner role in an organization associated with the federation. This attribute can't be updated after creation.
    genAiFeaturesEnabled boolean
    Flag that indicates whether this organization has access to generative AI features. This setting only applies to Atlas Commercial and defaults to true. With this setting on, Project Owners may be able to enable or disable individual AI features at the project level. To learn more, see https://www.mongodb.com/docs/generative-ai-faq/.
    multiFactorAuthRequired boolean
    Flag that indicates whether to require users to set up Multi-Factor Authentication (MFA) before accessing the specified organization. To learn more, see: https://www.mongodb.com/docs/atlas/security-multi-factor-authentication/.
    name string
    The name of the organization.
    orgId string
    The organization id.
    orgOwnerId string
    Unique 24-hexadecimal digit string that identifies the Atlas user to whom you want to assign the Organization Owner role. This user must be a member of the same organization as the calling API key. This is only required when authenticating with Programmatic API Keys. See MongoDB Atlas Admin API - Get User By Username. This attribute is required in creation and can't be updated later.
    privateKey string
    Private key returned for this organization API key. The key is shown unredacted when it is first created and is stored in the Terraform state file, where the resource uses it for subsequent operations, so access to the state must be restricted like access to the key itself. Only populated when no service_account block is defined.
    publicKey string
    Public API key value set for the specified organization API key. Stored in the Terraform state and used for subsequent resource operations. Only populated when no service_account block is defined.
    restrictEmployeeAccess boolean
    Flag that indicates whether to block MongoDB Support from accessing Atlas infrastructure for any deployment in the specified organization without explicit permission. Once this setting is turned on, you can grant MongoDB Support a 24-hour bypass access to the Atlas deployment to resolve support issues. To learn more, see: https://www.mongodb.com/docs/atlas/security-restrict-support-access/.
    roleNames string[]
    List of Organization roles that the Programmatic API key needs to have. Ensure that you provide at least one role and ensure all roles are valid for the Organization. You must specify an array even if you are only associating a single role with the Programmatic API key. The MongoDB Documentation describes the roles that you can assign to a Programmatic API key. This attribute is required in creation and can't be updated later.
    securityContact string
    String that specifies a single email address for the specified organization to receive security-related notifications. Specifying a security contact does not grant them authorization or access to Atlas for security decisions or approvals.
    serviceAccount OrganizationServiceAccount
    Block to create a Service Account instead of a Programmatic API Key when creating the organization. The API does not allow creating both in the same request. Mutually exclusive with description and role_names. This block can't be updated after creation. See Service Account.
    skipDefaultAlertsSettings boolean

    Flag that indicates whether to prevent Atlas from automatically creating organization-level alerts not explicitly managed through Terraform. Defaults to true.

    NOTE:
    • If you create an organization with our Terraform provider version >=1.30.0, this field is set to true by default.
    • If you have an existing organization created with our Terraform provider version <1.30.0, this field might be false, which is the API default value. To prevent the creation of future default alerts, set this explicitly to true.

    api_access_list_required bool
    Flag that indicates whether to require API operations to originate from an IP Address added to the API access list for the specified organization.
    description str

    Programmatic API Key description. This attribute is required in creation and can't be updated later.

    NOTE: Creating an organization will return a set of credentials that are stored in the Terraform state and used by the mongodbatlas.Organization resource for subsequent operations (read, update, delete) on the new organization. The credentials stored depend on the authentication method used during creation:

    • Programmatic API Key: public_key and private_key are stored. These credentials do not expire.
    • Service Account: service_account.client_id and service_account.secrets.0.secret are stored. Service Account secrets expire after the configured secret_expires_after_hours period. When the secret expires, the resource automatically falls back to provider-level credentials for subsequent operations.
    • In case of importing the resource, no organization-specific credentials are stored and provider credentials are used instead.
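    • Terraform state contains sensitive credential data. Follow Terraform's best practices for sensitive data in state. In a Pulumi program these values are recorded in the stack's state instead, so apply the same protections to the state backend and to who can access it.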
    federation_settings_id str
    Unique 24-hexadecimal digit string that identifies the federation to link the newly created organization to. If specified, the proposed Organization Owner of the new organization must have the Organization Owner role in an organization associated with the federation. This attribute can't be updated after creation.
    gen_ai_features_enabled bool
    Flag that indicates whether this organization has access to generative AI features. This setting only applies to Atlas Commercial and defaults to true. With this setting on, Project Owners may be able to enable or disable individual AI features at the project level. To learn more, see https://www.mongodb.com/docs/generative-ai-faq/.
    multi_factor_auth_required bool
    Flag that indicates whether to require users to set up Multi-Factor Authentication (MFA) before accessing the specified organization. To learn more, see: https://www.mongodb.com/docs/atlas/security-multi-factor-authentication/.
    name str
    The name of the organization.
    org_id str
    The organization id.
    org_owner_id str
    Unique 24-hexadecimal digit string that identifies the Atlas user to whom you want to assign the Organization Owner role. This user must be a member of the same organization as the calling API key. This is only required when authenticating with Programmatic API Keys. See MongoDB Atlas Admin API - Get User By Username. This attribute is required in creation and can't be updated later.
    private_key str
    Private key returned for this organization API key. The key is shown unredacted when it is first created and is stored in the Terraform state file, where the resource uses it for subsequent operations, so access to the state must be restricted like access to the key itself. Only populated when no service_account block is defined.
    public_key str
    Public API key value set for the specified organization API key. Stored in the Terraform state and used for subsequent resource operations. Only populated when no service_account block is defined.
    restrict_employee_access bool
    Flag that indicates whether to block MongoDB Support from accessing Atlas infrastructure for any deployment in the specified organization without explicit permission. Once this setting is turned on, you can grant MongoDB Support a 24-hour bypass access to the Atlas deployment to resolve support issues. To learn more, see: https://www.mongodb.com/docs/atlas/security-restrict-support-access/.
    role_names Sequence[str]
    List of Organization roles that the Programmatic API key needs to have. Ensure that you provide at least one role and ensure all roles are valid for the Organization. You must specify an array even if you are only associating a single role with the Programmatic API key. The MongoDB Documentation describes the roles that you can assign to a Programmatic API key. This attribute is required in creation and can't be updated later.
    security_contact str
    String that specifies a single email address for the specified organization to receive security-related notifications. Specifying a security contact does not grant them authorization or access to Atlas for security decisions or approvals.
    service_account OrganizationServiceAccountArgs
    Block to create a Service Account instead of a Programmatic API Key when creating the organization. The API does not allow creating both in the same request. Mutually exclusive with description and role_names. This block can't be updated after creation. See Service Account.
    skip_default_alerts_settings bool

    Flag that indicates whether to prevent Atlas from automatically creating organization-level alerts not explicitly managed through Terraform. Defaults to true.

    NOTE:
    • If you create an organization with our Terraform provider version >=1.30.0, this field is set to true by default.
    • If you have an existing organization created with our Terraform provider version <1.30.0, this field might be false, which is the API default value. To prevent the creation of future default alerts, set this explicitly to true.

    apiAccessListRequired Boolean
    Flag that indicates whether to require API operations to originate from an IP Address added to the API access list for the specified organization.
    description String

    Programmatic API Key description. This attribute is required in creation and can't be updated later.

    NOTE: Creating an organization will return a set of credentials that are stored in the Terraform state and used by the mongodbatlas.Organization resource for subsequent operations (read, update, delete) on the new organization. The credentials stored depend on the authentication method used during creation:

    • Programmatic API Key: public_key and private_key are stored. These credentials do not expire.
    • Service Account: service_account.client_id and service_account.secrets.0.secret are stored. Service Account secrets expire after the configured secret_expires_after_hours period. When the secret expires, the resource automatically falls back to provider-level credentials for subsequent operations.
    • In case of importing the resource, no organization-specific credentials are stored and provider credentials are used instead.
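    • Terraform state contains sensitive credential data. Follow Terraform's best practices for sensitive data in state. In a Pulumi program these values are recorded in the stack's state instead, so apply the same protections to the state backend and to who can access it.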
    federationSettingsId String
    Unique 24-hexadecimal digit string that identifies the federation to link the newly created organization to. If specified, the proposed Organization Owner of the new organization must have the Organization Owner role in an organization associated with the federation. This attribute can't be updated after creation.
    genAiFeaturesEnabled Boolean
    Flag that indicates whether this organization has access to generative AI features. This setting only applies to Atlas Commercial and defaults to true. With this setting on, Project Owners may be able to enable or disable individual AI features at the project level. To learn more, see https://www.mongodb.com/docs/generative-ai-faq/.
    multiFactorAuthRequired Boolean
    Flag that indicates whether to require users to set up Multi-Factor Authentication (MFA) before accessing the specified organization. To learn more, see: https://www.mongodb.com/docs/atlas/security-multi-factor-authentication/.
    name String
    The name of the organization.
    orgId String
    The organization id.
    orgOwnerId String
    Unique 24-hexadecimal digit string that identifies the Atlas user to whom you want to assign the Organization Owner role. This user must be a member of the same organization as the calling API key. This is only required when authenticating with Programmatic API Keys. See MongoDB Atlas Admin API - Get User By Username. This attribute is required in creation and can't be updated later.
    privateKey String
    Private key returned for this organization API key. The key is shown unredacted when it is first created and is stored in the Terraform state file, where the resource uses it for subsequent operations, so access to the state must be restricted like access to the key itself. Only populated when no service_account block is defined.
    publicKey String
    Public API key value set for the specified organization API key. Stored in the Terraform state and used for subsequent resource operations. Only populated when no service_account block is defined.
    restrictEmployeeAccess Boolean
    Flag that indicates whether to block MongoDB Support from accessing Atlas infrastructure for any deployment in the specified organization without explicit permission. Once this setting is turned on, you can grant MongoDB Support a 24-hour bypass access to the Atlas deployment to resolve support issues. To learn more, see: https://www.mongodb.com/docs/atlas/security-restrict-support-access/.
    roleNames List<String>
    List of Organization roles that the Programmatic API key needs to have. Ensure that you provide at least one role and ensure all roles are valid for the Organization. You must specify an array even if you are only associating a single role with the Programmatic API key. The MongoDB Documentation describes the roles that you can assign to a Programmatic API key. This attribute is required in creation and can't be updated later.
    securityContact String
    String that specifies a single email address for the specified organization to receive security-related notifications. Specifying a security contact does not grant them authorization or access to Atlas for security decisions or approvals.
    serviceAccount Property Map
    Block to create a Service Account instead of a Programmatic API Key when creating the organization. The API does not allow creating both in the same request. Mutually exclusive with description and role_names. This block can't be updated after creation. See Service Account.
    skipDefaultAlertsSettings Boolean

    Flag that indicates whether to prevent Atlas from automatically creating organization-level alerts not explicitly managed through Terraform. Defaults to true.

    NOTE:
    • If you create an organization with our Terraform provider version >=1.30.0, this field is set to true by default.
    • If you have an existing organization created with our Terraform provider version <1.30.0, this field might be false, which is the API default value. To prevent the creation of future default alerts, set this explicitly to true.

    Supporting Types

    OrganizationServiceAccount, OrganizationServiceAccountArgs

    Description string
    Human readable description for the Service Account.
    Name string
    Human-readable name for the Service Account. The name is modifiable and does not have to be unique.
    Roles List<string>
    A list of organization-level roles for the Service Account.
    SecretExpiresAfterHours int

    The expiration time of the new Service Account secret, provided in hours. The minimum and maximum allowed expiration times are subject to change and are controlled by the organization's settings.

    WARNING: Service Account secrets expire after the configured secret_expires_after_hours period. To avoid losing access to the Atlas Administration API, update your application with the new client secret before the current one expires. If all secrets expire without being replaced, you will lose access to the organization. For more information, see Rotate Service Account Secrets.

    ClientId string
    The Client ID of the Service Account.
    CreatedAt string
    The date that the Service Account was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
    Secrets List<OrganizationServiceAccountSecret>
    A list of secrets associated with the specified Service Account. See Secrets.
    Description string
    Human readable description for the Service Account.
    Name string
    Human-readable name for the Service Account. The name is modifiable and does not have to be unique.
    Roles []string
    A list of organization-level roles for the Service Account.
    SecretExpiresAfterHours int

    The expiration time of the new Service Account secret, provided in hours. The minimum and maximum allowed expiration times are subject to change and are controlled by the organization's settings.

    WARNING: Service Account secrets expire after the configured secret_expires_after_hours period. To avoid losing access to the Atlas Administration API, update your application with the new client secret before the current one expires. If all secrets expire without being replaced, you will lose access to the organization. For more information, see Rotate Service Account Secrets.

    ClientId string
    The Client ID of the Service Account.
    CreatedAt string
    The date that the Service Account was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
    Secrets []OrganizationServiceAccountSecret
    A list of secrets associated with the specified Service Account. See Secrets.
    description String
    Human readable description for the Service Account.
    name String
    Human-readable name for the Service Account. The name is modifiable and does not have to be unique.
    roles List<String>
    A list of organization-level roles for the Service Account.
    secretExpiresAfterHours Integer

    The expiration time of the new Service Account secret, provided in hours. The minimum and maximum allowed expiration times are subject to change and are controlled by the organization's settings.

    WARNING: Service Account secrets expire after the configured secret_expires_after_hours period. To avoid losing access to the Atlas Administration API, update your application with the new client secret before the current one expires. If all secrets expire without being replaced, you will lose access to the organization. For more information, see Rotate Service Account Secrets.

    clientId String
    The Client ID of the Service Account.
    createdAt String
    The date that the Service Account was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
    secrets List<OrganizationServiceAccountSecret>
    A list of secrets associated with the specified Service Account. See Secrets.
    description string
    Human readable description for the Service Account.
    name string
    Human-readable name for the Service Account. The name is modifiable and does not have to be unique.
    roles string[]
    A list of organization-level roles for the Service Account.
    secretExpiresAfterHours number

    The expiration time of the new Service Account secret, provided in hours. The minimum and maximum allowed expiration times are subject to change and are controlled by the organization's settings.

    WARNING: Service Account secrets expire after the configured secret_expires_after_hours period. To avoid losing access to the Atlas Administration API, update your application with the new client secret before the current one expires. If all secrets expire without being replaced, you will lose access to the organization. For more information, see Rotate Service Account Secrets.

    clientId string
    The Client ID of the Service Account.
    createdAt string
    The date that the Service Account was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
    secrets OrganizationServiceAccountSecret[]
    A list of secrets associated with the specified Service Account. See Secrets.
    description str
    Human readable description for the Service Account.
    name str
    Human-readable name for the Service Account. The name is modifiable and does not have to be unique.
    roles Sequence[str]
    A list of organization-level roles for the Service Account.
    secret_expires_after_hours int

    The expiration time of the new Service Account secret, provided in hours. The minimum and maximum allowed expiration times are subject to change and are controlled by the organization's settings.

    WARNING: Service Account secrets expire after the configured secret_expires_after_hours period. To avoid losing access to the Atlas Administration API, update your application with the new client secret before the current one expires. If all secrets expire without being replaced, you will lose access to the organization. For more information, see Rotate Service Account Secrets.

    client_id str
    The Client ID of the Service Account.
    created_at str
    The date that the Service Account was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
    secrets Sequence[OrganizationServiceAccountSecret]
    A list of secrets associated with the specified Service Account. See Secrets.
    description String
    Human readable description for the Service Account.
    name String
    Human-readable name for the Service Account. The name is modifiable and does not have to be unique.
    roles List<String>
    A list of organization-level roles for the Service Account.
    secretExpiresAfterHours Number

    The expiration time of the new Service Account secret, provided in hours. The minimum and maximum allowed expiration times are subject to change and are controlled by the organization's settings.

    WARNING: Service Account secrets expire after the configured secret_expires_after_hours period. To avoid losing access to the Atlas Administration API, update your application with the new client secret before the current one expires. If all secrets expire without being replaced, you will lose access to the organization. For more information, see Rotate Service Account Secrets.

    clientId String
    The Client ID of the Service Account.
    createdAt String
    The date that the Service Account was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
    secrets List<Property Map>
    A list of secrets associated with the specified Service Account. See Secrets.

    OrganizationServiceAccountSecret, OrganizationServiceAccountSecretArgs

    CreatedAt string
    The date that the secret was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
    ExpiresAt string
    The date for the expiration of the secret. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
    Secret string
    The secret for the Service Account. It will be returned only the first time after creation.
    SecretId string
    Unique 24-hexadecimal digit string that identifies the secret.
    CreatedAt string
    The date that the secret was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
    ExpiresAt string
    The date for the expiration of the secret. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
    Secret string
    The secret for the Service Account. It will be returned only the first time after creation.
    SecretId string
    Unique 24-hexadecimal digit string that identifies the secret.
    createdAt String
    The date that the secret was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
    expiresAt String
    The date for the expiration of the secret. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
    secret String
    The secret for the Service Account. It will be returned only the first time after creation.
    secretId String
    Unique 24-hexadecimal digit string that identifies the secret.
    createdAt string
    The date that the secret was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
    expiresAt string
    The date for the expiration of the secret. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
    secret string
    The secret for the Service Account. It will be returned only the first time after creation.
    secretId string
    Unique 24-hexadecimal digit string that identifies the secret.
    created_at str
    The date that the secret was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
    expires_at str
    The date for the expiration of the secret. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
    secret str
    The secret for the Service Account. It will be returned only the first time after creation.
    secret_id str
    Unique 24-hexadecimal digit string that identifies the secret.
    createdAt String
    The date that the secret was created on. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
    expiresAt String
    The date for the expiration of the secret. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
    secret String
    The secret for the Service Account. It will be returned only the first time after creation.
    secretId String
    Unique 24-hexadecimal digit string that identifies the secret.

    Import

    You can import an existing organization using the organization ID, e.g.:

    $ pulumi import mongodbatlas:index/organization:Organization this 5d09d6a59ccf6445652a444a
    

    IMPORTANT: When importing an existing organization, you should NOT specify the creation-only attributes (org_owner_id, description, role_names, federation_settings_id, service_account) in your Terraform configuration.

    See the Guide: Importing MongoDB Atlas Organizations for more information.

    For more information about the mongodbatlas.Organization resource see: MongoDB Atlas Admin API Organization.

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    MongoDB Atlas pulumi/pulumi-mongodbatlas
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the mongodbatlas Terraform Provider.