Generate a new SSO callback URL for an authenticator

You can use the copy option to copy your current authenticator information and create new authenticator. When the new authenticator is saved, a new SSO callback URL is generated and associated with it.
Important: Complete this task only if you configured your environment for enhanced sign in, your authenticator was created before December 2023, and you want to enable the IDP-initiated single sign-on (SSO) to the console. To verify if the authenticator was created before December 2023, you can view the SSO callback URL that is in the current authenticator.
  • If the SSO callback URL is in the format https://login.eid.blackberry.com/_/resume/saml20/<hash>, no further action is required.
  • If the SSO callback URL is “https://idp.blackberry.com/_/resume”, complete the following steps to generate the updated URL.
  1. In the Aurora Multi-Tenant Console, go to Settings > Administration.
  2. In the Authenticators tab, click the current IDP SAML authenticator that you need to update the SSO callback URL for.
  3. In the top right corner of the screen, click the Copy icon.
  4. Update the name of the copied authenticator.
  5. Click Save.
  6. Open the Authenticator that you copied. Record the SSO callback URL.
  7. Delete the previous IDP authenticator.
Edit the authentication policy to use the new authenticator. You can remove the authenticator that uses the old SSO callback URL.