Considerations for Adopting Universal Role-Based Access
You are encouraged to migrate to universal role-based access as soon as your organization is ready.
Before migrating to universal role-based access, note the following:
Customers can continue to use legacy authentication until they are prepared to migrate.
Migration to universal role-based access is permanent.
Universal role-based access supports concurrent local authentication and SAML 2.0 compliant third-party IdP authentication.
Universal role-based access does not support authentication from services such as LDAP, MS Active Directory, common access card (CAC), and personal identity verification (PIV).
Advanced Analytics and Data Lake are migrated separately.
User email addresses are required for migration. Each email address designates a single identity.
Customers using third-party IdPs need to update their IdP configuration to complete the migration process.
Legacy Advanced Analytics identities are still needed to authenticate into Cloud Connectors.
Note
When universal role-based access becomes available for Cloud Connectors, Cloud Connectors will automatically migrate to it.
Universal role-based access is not available for on-premises applications.