Hey @bbarnell, the opposite actually! Universal Login paired with a refresh token flow does allow you to avoid the use of third party cookies, even without a custom domain. A custom domain would be required in an embedded login scenario.
In terms of dashboard settings - Your app should be configured to use refresh token rotation, and have the “refresh token” grant enabled. You will also need to enable “offline access” in whichever registered API you are using as audience.