# IAM Migration ### Overview Your organization is being migrated to our new Identity and Access Management (IAM) system. This migration will modernize how permissions and roles work in your organization, providing better security and more granular control over user access. ### What's Changing The migration will: * Convert your existing legacy IAM roles to new managed IAM roles * Preserve user permissions and access levels * Maintain your current organization structure and workspaces * Enable new workspace-level access controls ### Important Information Before Migration #### Timeline The migration will be performed by our team and typically takes under an hour to complete. During the migration: * Users will continue to have access to the platform, however they may experience intermittent issues with access only during the migration * No data will be lost * Existing access will be preserved ### ⚠️ Action Required Before Migration #### SCIM Integration **If you are currently using SCIM for user provisioning, you MUST take action:** * **BEFORE migration**: Disable your current SCIM integration at the organization level * **AFTER migration**: Re-configure SCIM separately for each workspace where you need it * **CRITICAL**: If you keep your existing organization-level SCIM enabled after migration, newly provisioned users will NOT receive the correct permissions ### What Will Continue to Work #### Organization Settings All of your current organization settings will continue to work exactly as before: * **Single Sign-On (SSO)** configurations will remain active * **Multi-Factor Authentication (MFA)** enforcement policies will continue to apply * Organization-level security settings are preserved #### Existing Access Keys Your current API access keys will continue to function: * All existing access keys will remain valid and operational * No need to rotate or update keys immediately after migration ### What Will Change #### Custom Roles **Custom roles are not currently supported in the new IAM system:** * Only standard managed roles will be migrated * If you have custom roles, users with those roles will need to be assigned equivalent managed roles after migration * Contact our Support team if you have questions about which managed role best matches your custom role #### Group-Based Role Assignments **Role assignment groups will be converted to direct assignments:** * Any roles currently assigned through groups will be converted to direct user assignments * The groups themselves will no longer be used for role management * All users will retain their current permissions through these direct assignments #### Access Key Management **After migration, access key management will change:** * **Organization-level access keys** (created before migration): * Will continue to work with their existing permissions * Cannot be modified or have their roles changed * Cannot be used to create new keys at the organization level * Can only be deleted * **Workspace-level access keys** (new capability): * Each workspace can now create its own access keys * These keys can be managed (created, modified, deleted) within each workspace * Use these for new integrations and API access going forward ### Post-Migration #### Immediate Next Steps 1. **Verify user access**: Confirm that your team members can still access their workspaces 2. **Re-configure SCIM** (if applicable): Set up SCIM separately for each workspace that needs it 3. **Update access keys** (over time): Gradually migrate from organization-level access keys to workspace-level access keys for better security and management #### Getting Help If you have questions or encounter any issues during or after the migration: * Contact our support team at * Reference your organization ID when reaching out * Our team is here to help ensure a smooth transition ### Summary of Key Points ✅ **Will Continue Working:** * User access and permissions * SSO and MFA settings * Existing API access keys * All workspaces and data ⚠️ **Requires Action:** * Disable SCIM before migration (if in use) * Re-configure SCIM per workspace after migration 🔄 **Will Change:** * Custom roles → Managed roles * Group assignments → Direct assignments * Organization access keys → Workspace access keys (for new keys) *** *This migration is designed to enhance your security and provide more flexible access control. While there are some changes to be aware of, the vast majority of your current setup will continue to work seamlessly.* --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.bird.com/applications/settings/account/iam-migration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.