Update the domain in a legacy SSO callback URL in the IDP environment

If your IDP SAML authenticator for Aurora Multi-tenant Console (MTC) was created before June 2026, you might be using an SSO callback URL with a legacy domain for authentication. To ensure continuity for upcoming changes to the URL in June 2026, you need to add a separate callback URL in your IDP environment. The new callback URL uses an updated domain but the same hash as the existing URL.

In your IDP environment, verify that you are using a legacy SSO callback URL in one of these formats:
  • https://login.eid.blackberry.com/_/resume/saml20/<hash> (where <hash> is the hash value)
  • https://idp.blackberry.com/_/resume (no hash value)
CAUTION: Do not remove the old URL. If it is removed before June 10, 2026, the configuration will break. The SSO callback URL in the SAML authenticator in the console will stay the same. It will be updated to the new URL after June 10.
  1. Log in to your IDP environment.
  2. If the existing SSO callback URL has a hash value, copy the hash value.
  3. Add a new callback URL in one of these formats:
    • https://idp.cs.cylance.com/_/resume/saml20/<hash> where <hash> is the hash value that you copied from the existing callback URL.
    • https://idp.cs.cylance.com/_/resume if the existing callback URL doesn't have a hash value
  4. Set the new callback URL as the default.
  5. Save the settings.
  6. Log in to the Aurora Multi-tenant Console (MTC) console to test the authentication.