Okta: Update the current SSO callback URL in the OIDC app configuration

Update the legacy SSO callback URL in the Okta portal for enhanced authentication to the Aurora Endpoint Defense console.

If your Okta OIDC authenticator for Aurora Endpoint Defense was created before June 2026, you might be using an SSO callback URL with a legacy domain for authentication. To ensure continuity for upcoming changes to the URL in June 2026, you need to update the sign-in redirect URIs and sign-out redirect URIs in your Okta portal environment. The new callback URL uses an updated domain but the same hash as the existing URL.
Updating the configuration is required if the Sign-in redirect URIs and Sign-out redirect URIs fields use one of these domains, in these formats:
  • https://idp.blackberry.com/_/resume (where there is no hash value)
  • https://login.eid.blackberry.com/_/resume/saml20/<hash> (where <hash> is the hash value)

If the configuration is not updated by June 2026, a configuration error appears when the user is redirected to the Okta login portal.

  1. In the Okta portal, go to Applications > Applications.
  2. Search for and click the name of the current SAML configuration app that you created for Aurora Endpoint Defense.
  3. Click the General tab.
  4. In the SAML Settings section, click Edit.
  5. Click Next to skip the General Settings page.
  6. In the Sign-in redirect URIs field, verify the domain of the existing callback URL and whether it has a hash value. If they are using these domains in one of these formats, you need to update it with a new callback URL:
    • https://idp.blackberry.com/_/resume (where there is no hash value)
    • https://login.eid.blackberry.com/_/resume/saml20/<hash> (where <hash> is the hash value)
  7. If the existing callback URL has a hash value, copy the hash value.
  8. In the Sign-in redirect URIs field, add a new callback URL at the top in one of these formats:
    • If the existing callback URL has no hash value, enter https://idp.cs.cylance.com/_/resume.
    • If the existing callback URL has a hash value, enter https://idp.cs.cylance.com/_/resume/saml20/<hash> and replace <hash> with the hash value that you copied.

    Keep the existing callback URLs.

  9. Repeat for the Sign-out redirect URIs field.
  10. Click Save.
Log in to the Aurora Endpoint Defense to test the configuration.