PingOne: Update the current SSO callback URL in the SAML app configuration

Update the legacy SSO callback URL in the PingOne portal for enhanced authentication to the Aurora Endpoint Defense console.

If your PingOne SAML authenticator for Aurora Endpoint Defense was created before June 2026, you might be using an SSO callback URL with a legacy domain for authentication. To ensure continuity for upcoming changes to the URL in June 2026, you need to update the Assertion Consumer Service (ACS) URL and Application URL in your PingOne portal environment. The new callback URL uses an updated domain but with the same hash as the existing URL.
Updating the configuration is required if the Assertion Consumer Service (ACS) URL and Application URL fields use one of these domains, in these formats:
  • https://idp.blackberry.com/_/resume (where there is no hash value)
  • https://login.eid.blackberry.com/_/resume/saml20/<hash> (where <hash> is the hash value)

If the configuration is not updated by June 2026, a configuration error appears when the user is redirected to the PingOne login portal.

  1. In the PingOne portal, go to Applications > SAML.
  2. Click the name of the current SAML configuration app that you created for Aurora Endpoint Defense.
  3. Click Edit.
  4. Click Continue to Next Step.
  5. In the Assertion Consumer Service (ACS) field, verify the domain of the existing callback URL and whether it has a hash value. If they are using these domains in one of these formats, you need to update it with a new callback URL:
    • https://idp.blackberry.com/_/resume (where there is no hash value)
    • https://login.eid.blackberry.com/_/resume/saml20/<hash> (where <hash> is the hash value)
  6. If the existing callback URL has a hash value, copy the hash value.
  7. In the ACS (Consumer) URL field, add a new callback URL in one of these formats:
    • If the existing callback URL has no hash value, enter https://idp.cs.cylance.com/_/resume.
    • If the existing callback URL has a hash value, enter https://idp.cs.cylance.com/_/resume/saml20/<hash> and replace <hash> with the hash value that you copied.
  8. Make sure the new callback URL is at the top of the list so that it is the default. Keep the old callback URL.
  9. Click Save.
Log in to the Aurora Endpoint Defense to test the configuration.