Okta: Update the current SSO callback URL in the SAML app configuration

Update the legacy SSO callback URL in the Okta portal for enhanced authentication to the Aurora Endpoint Defense console.

If your Okta SAML authenticator for Aurora Endpoint Defense was created before June 2026, you might be using an SSO callback URL with a legacy domain for authentication. To ensure continuity for upcoming changes to the URL in June 2026, you need to update the Single-sign on URL setting in your Okta portal environment. The new callback URL uses an updated domain but the same hash as the existing URL.
Action to update the configuration is required if the Single-sign on URL field uses one of these domains, in these formats:
  • https://idp.blackberry.com/_/resume (where there is no hash value)
  • https://login.eid.blackberry.com/_/resume/saml20/<hash> (where <hash> is the hash value)

If the configuration is not updated by June 2026, a configuration error appears when the user is redirected to the Okta login portal.

  1. In the Okta portal, go to Applications > Applications.
  2. Search for and click the name of the current SAML configuration app that you created for Aurora Endpoint Defense.
  3. Click the General tab.
  4. In the SAML Settings section, click Edit.
  5. Click Next to skip the General Settings page.
  6. In the Single sign-on URL field, verify the domain of the existing callback URL and whether it has a hash value. If they are using these domains in one of these formats, you need to update it with a new callback URL:
    • https://idp.blackberry.com/_/resume (where there is no hash value)
    • https://login.eid.blackberry.com/_/resume/saml20/<hash> (where <hash> is the hash value)
  7. Copy the existing callback URL and add it to the Other Requestable SSO URLs field.
    1. Click Show Advanced Settings.
    2. Beside Other Requestable SSO URLs, click Add another.
    3. Paste the existing SSO URL.
    4. Set the index number to a unique number, such as 1.
  8. If the existing callback URL has a hash value, copy the hash value.
  9. In the Single sign-on URL field, set a new callback URL in one of these formats:
    • If the existing callback URL has no hash value, enter https://idp.cs.cylance.com/_/resume.
    • If the existing callback URL has a hash value, enter https://idp.cs.cylance.com/_/resume/saml20/<hash> and replace <hash> with the hash value that you copied.
  10. Click Next.
  11. Click Finish.
Log in to the Aurora Endpoint Defense to test the configuration.