mongodb · maastha · Apr 11, 2025 · Apr 8, 2025 · Apr 9, 2025 · Apr 9, 2025
@@ -0,0 +1,11 @@
+```release-note:enhancement
+resource/mongodbatlas_organization: Adds `security_contact` attribute
+```
+
+```release-note:enhancement
+data-source/mongodbatlas_organization: Adds `security_contact` attribute
+```
+
+```release-note:enhancement
+data-source/mongodbatlas_organizations: Adds `security_contact` attribute
+```
@@ -27,6 +27,7 @@ In addition to all arguments above, the following attributes are exported:
 * `multi_factor_auth_required` - (Optional) Flag that indicates whether to require users to set up Multi-Factor Authentication (MFA) before accessing the specified organization. To learn more, see: https://www.mongodb.com/docs/atlas/security-multi-factor-authentication/.
 * `restrict_employee_access` - (Optional) Flag that indicates whether to block MongoDB Support from accessing Atlas infrastructure for any deployment in the specified organization without explicit permission. Once this setting is turned on, you can grant MongoDB Support a 24-hour bypass access to the Atlas deployment to resolve support issues. To learn more, see: https://www.mongodb.com/docs/atlas/security-restrict-support-access/.
 * `gen_ai_features_enabled` - (Optional) Flag that indicates whether this organization has access to generative AI features. This setting only applies to Atlas Commercial and defaults to `true`. With this setting on, Project Owners may be able to enable or disable individual AI features at the project level. To learn more, see https://www.mongodb.com/docs/generative-ai-faq/.
+* `security_contact` - (Optional) String that specifies a single email address for the specified organization to receive security-related notifications. Specifying a security contact does not grant them authorization or access to Atlas for security decisions or approvals.
 * `skip_default_alerts_settings` - (Optional) Flag that indicates whether to prevent Atlas from automatically creating organization-level alerts not explicitly managed through Terraform. Defaults to `true`.
 
 

@@ -32,6 +32,7 @@ data "mongodbatlas_organizations" "test" {
 * `multi_factor_auth_required` - (Optional) Flag that indicates whether to require users to set up Multi-Factor Authentication (MFA) before accessing the specified organization. To learn more, see: https://www.mongodb.com/docs/atlas/security-multi-factor-authentication/.
 * `restrict_employee_access` - (Optional) Flag that indicates whether to block MongoDB Support from accessing Atlas infrastructure for any deployment in the specified organization without explicit permission. Once this setting is turned on, you can grant MongoDB Support a 24-hour bypass access to the Atlas deployment to resolve support issues. To learn more, see: https://www.mongodb.com/docs/atlas/security-restrict-support-access/.
 * `gen_ai_features_enabled` - (Optional) Flag that indicates whether this organization has access to generative AI features. This setting only applies to Atlas Commercial and defaults to `true`. With this setting on, Project Owners may be able to enable or disable individual AI features at the project level. To learn more, see https://www.mongodb.com/docs/generative-ai-faq/.
+* `security_contact` - (Optional) String that specifies a single email address for the specified organization to receive security-related notifications. Specifying a security contact does not grant them authorization or access to Atlas for security decisions or approvals.
 * `skip_default_alerts_settings` - (Optional) Flag that indicates whether to prevent Atlas from automatically creating organization-level alerts not explicitly managed through Terraform. Defaults to `true`. 
 
 ~> **NOTE:** - If you create an organization with our Terraform provider version >=1.30.0, this field is set to `true` by default.<br> - If you have an existing organization created with our Terraform provider version <1.30.0, this field might be `false`, which is the [API default value](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Organizations/operation/createOrganization). To prevent the creation of future default alerts, set this explicitly to `true` using the [`mongodbatlas_organization`](../resources/organization.md) resource.

@@ -33,6 +33,7 @@ resource "mongodbatlas_organization" "test" {
 * `multi_factor_auth_required` - (Optional) Flag that indicates whether to require users to set up Multi-Factor Authentication (MFA) before accessing the specified organization. To learn more, see: https://www.mongodb.com/docs/atlas/security-multi-factor-authentication/.
 * `restrict_employee_access` - (Optional) Flag that indicates whether to block MongoDB Support from accessing Atlas infrastructure for any deployment in the specified organization without explicit permission. Once this setting is turned on, you can grant MongoDB Support a 24-hour bypass access to the Atlas deployment to resolve support issues. To learn more, see: https://www.mongodb.com/docs/atlas/security-restrict-support-access/.
 * `gen_ai_features_enabled` - (Optional) Flag that indicates whether this organization has access to generative AI features. This setting only applies to Atlas Commercial and defaults to `true`. With this setting on, Project Owners may be able to enable or disable individual AI features at the project level. To learn more, see https://www.mongodb.com/docs/generative-ai-faq/.
+* `security_contact` - (Optional) String that specifies a single email address for the specified organization to receive security-related notifications. Specifying a security contact does not grant them authorization or access to Atlas for security decisions or approvals.
 * `skip_default_alerts_settings` - (Optional) Flag that indicates whether to prevent Atlas from automatically creating organization-level alerts not explicitly managed through Terraform. Defaults to `true`. 
 
 ~> **NOTE:** - If you create an organization with our Terraform provider version >=1.30.0, this field is set to `true` by default.<br> - If you have an existing organization created with our Terraform provider version <1.30.0, this field might be `false`, which is the [API default value](https://www.mongodb.com/docs/atlas/reference/api-resources-spec/v2/#tag/Organizations/operation/createOrganization). To prevent the creation of future default alerts, set this explicitly to `true`.

@@ -6,6 +6,7 @@ resource "mongodbatlas_organization" "test" {
   multi_factor_auth_required = true
   restrict_employee_access   = true
   api_access_list_required   = false
+  security_contact           = var.security_contact
 }
 
 output "org_id" {

@@ -10,6 +10,10 @@ variable "org_owner_id" {
   type        = string
   description = "MongoDB Organization Owner ID"
 }
+variable "security_contact" {
+  type        = string
+  description = "Email address for the organization to receive security-related notifications"
+}
 
 
 

@@ -63,6 +63,10 @@ func DataSource() *schema.Resource {
 				Type:     schema.TypeBool,
 				Computed: true,
 			},
+			"security_contact": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 		},
 	}
 }
@@ -109,6 +113,9 @@ func dataSourceRead(ctx context.Context, d *schema.ResourceData, meta any) diag.
 	if err := d.Set("gen_ai_features_enabled", settings.GenAIFeaturesEnabled); err != nil {
 		return diag.Errorf("error setting `gen_ai_features_enabled` for organization (%s): %s", orgID, err)
 	}
+	if err := d.Set("security_contact", settings.SecurityContact); err != nil {
+		return diag.Errorf("error setting `security_contact` for organization (%s): %s", orgID, err)
+	}
 
 	d.SetId(organization.GetId())
 

@@ -83,6 +83,10 @@ func PluralDataSource() *schema.Resource {
 							Type:     schema.TypeBool,
 							Computed: true,
 						},
+						"security_contact": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
 					},
 				},
 			},
@@ -148,6 +152,7 @@ func flattenOrganizations(ctx context.Context, conn *admin.APIClient, organizati
 			"multi_factor_auth_required":   settings.MultiFactorAuthRequired,
 			"restrict_employee_access":     settings.RestrictEmployeeAccess,
 			"gen_ai_features_enabled":      settings.GenAIFeaturesEnabled,
+			"security_contact":             settings.SecurityContact,
 		}
 	}
 	return results, nil

@@ -89,6 +89,10 @@ func Resource() *schema.Resource {
 				Optional: true,
 				Computed: true,
 			},
+			"security_contact": {
+				Type:     schema.TypeString,
+				Optional: true,
+			},
 		},
 	}
 }
@@ -201,6 +205,9 @@ func resourceRead(ctx context.Context, d *schema.ResourceData, meta any) diag.Di
 	if err := d.Set("gen_ai_features_enabled", settings.GenAIFeaturesEnabled); err != nil {
 		return diag.Errorf("error setting `gen_ai_features_enabled` for organization (%s): %s", orgID, err)
 	}
+	if err := d.Set("security_contact", settings.SecurityContact); err != nil {
+		return diag.Errorf("error setting `security_contact` for organization (%s): %s", orgID, err)
+	}
 
 	d.SetId(conversion.EncodeStateID(map[string]string{
 		"org_id": organization.GetId(),
@@ -238,7 +245,8 @@ func resourceUpdate(ctx context.Context, d *schema.ResourceData, meta any) diag.
 	if d.HasChange("api_access_list_required") ||
 		d.HasChange("multi_factor_auth_required") ||
 		d.HasChange("restrict_employee_access") ||
-		d.HasChange("gen_ai_features_enabled") {
+		d.HasChange("gen_ai_features_enabled") ||
+		d.HasChange("security_contact") {
 		if _, _, err := conn.OrganizationsApi.UpdateOrganizationSettings(ctx, orgID, newOrganizationSettings(d)).Execute(); err != nil {
 			return diag.FromErr(fmt.Errorf("error updating Organization settings: %s", err))
 		}
@@ -300,6 +308,7 @@ func newOrganizationSettings(d *schema.ResourceData) *admin.OrganizationSettings
 		MultiFactorAuthRequired: conversion.Pointer(d.Get("multi_factor_auth_required").(bool)),
 		RestrictEmployeeAccess:  conversion.Pointer(d.Get("restrict_employee_access").(bool)),
 		GenAIFeaturesEnabled:    conversion.Pointer(d.Get("gen_ai_features_enabled").(bool)),
+		SecurityContact:         conversion.Pointer(d.Get("security_contact").(string)),
 	}
 }