3 Ways to Remove Users from Your MongoDB Organization

Explore three straightforward methods to remove users from your MongoDB organization, ensuring clean, secure access control
The author of the article Chris Shuptrine
Aug 2025
3 Ways to Remove Users from Your MongoDB Organization

Pruning outdated user accounts in MongoDB isn’t just housekeeping; it’s a safety net against accidental data leaks and privilege creep. When contractors finish, teams reshuffle, or an API key goes public, you need a quick response.

This guide walks through three reliable paths, Atlas web console, MongoDB CLI, and direct mongosh commands, to drop users cleanly from an organization. You’ll know where to click or type, what roles vanish, and how to confirm access is gone.

Table of Contents

Pro Tip: Too long? Ask ChatGPT to summarize →

Use MongoDB’s UI

Use the MongoDB Atlas UI to remove a user from your organization.

Step 1. Sign in and pick the right organization

  • Log in to the Atlas UI.
  • From the organization dropdown at top left, select the organization that holds the user you plan to remove.

Step 2. Open the Access Manager

  • In the left menu, expand Organization and click Access Manager.

This page lists every user in the organization and the roles they hold.

Step 3. Locate the user

  • Scroll or use the search bar to locate the user’s email address.
  • Confirm the address; deleting it also deletes every organization and project role attached to it.

Step 4. Start the removal

  • On that user’s row, open the three-dot menu.
  • Select Remove User from that menu to begin removal.

Step 5. Confirm

  • A confirmation window appears, reminding you that the user will lose access immediately.
  • Type REMOVE or click Confirm, depending on what your UI shows.

After you confirm, the user disappears from the list and can no longer sign in to any project in this organization.

Use Torii

Skip the MongoDB admin screens and let Torii, a SaaS management platform, remove users for you. From a single dashboard, the tool helps teams onboard or offboard people, check subscription details, and handle plenty of other SaaS chores.

With Torii, this task becomes fully automated, kicking in whenever a predefined trigger occurs. Typical triggers include a new-hire start date, an exit date, or a contract renewal, which removes the need for repetitive manual effort.

Here’s how to remove a user from your MongoDB organization through Torii:

1. Sign up for Torii

Contact Torii to request a free two-week proof of concept.

2. Connect your MongoDB account to Torii

Once your Torii workspace is active, link your existing MongoDB instance. Follow the steps in the MongoDB integration instructions.

torii mongodb dashboard

3. Create a Torii workflow for MongoDB

In Torii’s Workflows tab, set up an automation that removes the user from MongoDB. Pick a trigger, choose the action to remove the user, and save. From then on, whenever the trigger fires, MongoDB will be updated automatically.

creating mongodb workflows in torii

Use MongoDB’s API

You’ll call the Atlas Admin API endpoint that deletes a single user record from the org. Nothing happens in the UI, everything depends on one authenticated DELETE request.

1. Gather the IDs

  • orgId: Find it in any Atlas project settings or by calling GET /api/atlas/v1.0/orgs.
  • userId: Call GET /api/atlas/v1.0/orgs/{orgId}/users and copy the id field for the user you want gone.

Keep both IDs handy; they’re path parameters.

2. Build the DELETE request

Use this endpoint pattern, matching the name in MongoDB’s docs:

DELETE /api/atlas/v1.0/orgs/{orgId}/users/{userId}

The request must carry the following headers for Atlas to accept it:

  • Content-Type</b>: application/json
  • Accept</b>: application/json
  • HTTP Digest or basic auth with your public and private API keys.

3. Send it

Here’s one curl example that uses basic auth; replace placeholders before running:

curl --user ":" \
--digest \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--request DELETE \
"https://cloud.mongodb.com/api/atlas/v1.0/orgs//users/"

A 200 OK response with the removed user’s JSON appears if the call succeeds.

4. Verify the user is gone

Run the same listing call you used in step 1:

GET /api/atlas/v1.0/orgs/{orgId}/users

If the userId no longer appears in the array, the deletion stuck.

Torii for SaaS Management

Take control of your SaaS stack and let us know if you’d like to learn more. Torii’s SaaS Management Platform helps you:

  • Expose shadow apps: Run continuous, AI-backed discovery that spots unauthorized tools the moment they appear, giving you full visibility.
  • Reduce spend: Find idle seats and duplicate services, then turn them off before they burn cash your teams could use elsewhere.
  • Automate employee lifecycle tasks: Hand off provisioning and offboarding so accounts open quickly and close on schedule, reducing manual work and risk.
  • Stay ahead of renewals: Receive early reminders and usage data so you renew only what you need, avoiding surprise invoices later on.

Torii unites Finance, IT, and Security around the same data by delivering the first true end-to-end SaaS Management Platform.

For a deeper look at the platform and the problems it solves, head over to Torii.

Frequently Asked Questions

You have three reliable options: open the Atlas UI and click Access Manager to delete the email, call Torii to run an automated offboarding workflow, or send a DELETE request to the Atlas Admin API with orgId and userId. Choose whichever fits.

Old accounts expand the attack surface. Removing unused users limits accidental data exposure, stops privilege creep when teams reshuffle, and prevents leaked keys from granting access. Regular pruning keeps the organization compliant and reduces manual audits later.

Yes. After connecting MongoDB to Torii, you can build a workflow that fires on triggers like exit date or contract end. When the trigger runs, Torii calls the Atlas API and wipes the user automatically, no manual clicks required.

Use the authenticated endpoint DELETE /api/atlas/v1.0/orgs/{orgId}/users/{userId}. Supply the orgId and userId in the path plus Accept and Content-Type headers set to application/json. Authenticate with HTTP digest or basic auth using your public and private Atlas API keys.

Deleting the user removes every organization and project role tied to that email, including Owner, Project ReadWrite, or custom roles. Access to all clusters, databases, and resources under the organization disappears immediately once you confirm the removal.

Refresh Access Manager in the Atlas UI or rerun GET /api/atlas/v1.0/orgs/{orgId}/users. If the userId or email no longer appears, the deletion stuck. You can also attempt a login; valid credentials will now fail.