OneLogin: Update the current SSO callback URL in the OIDC app configuration

Update the legacy SSO callback URL in the OneLogin portal for enhanced authentication to the Aurora Endpoint Defense console.

If your OneLogin SAML authenticator for Aurora Endpoint Defense was created before June 2026, you might be using an SSO callback URL with a legacy domain for authentication. To ensure continuity for upcoming changes to the URL in June 2026, you need to update the redirect URIs and post logout redirect URIs in your OneLogin portal environment. The new callback URL uses an updated domain but with the same hash as the existing URL.
Updating the configuration is required if the Redirect URI and Post Logout Redirect URI fields use one of these domains, in these formats:
  • https://idp.blackberry.com/_/resume (where there is no hash value)
  • https://login.eid.blackberry.com/_/resume/saml20/<hash> (where <hash> is the hash value)

If the configuration is not updated by June 2026, a configuration error appears when the user is redirected to the OneLogin login portal.

  1. In the OneLogin portal, go to Applications > Applications.
  2. Click the name of the current OIDC configuration app that you created for Aurora Endpoint Defense.
  3. Click Configuration.
  4. In the Redirect URIs field, verify the domain of the existing callback URL and whether it has a hash value. If they are using these domains in one of these formats, you need to add a new callback URL:
    • https://idp.blackberry.com/_/resume (where there is no hash value)
    • https://login.eid.blackberry.com/_/resume/saml20/<hash> (where <hash> is the hash value)
  5. If the existing callback URL has a hash value, copy the hash value.
  6. In the Redirect URI's field, enter a new callback URL at the top of the list in one of these formats:
    • If the existing callback URL has no hash value, enter https://idp.cs.cylance.com/_/resume.
    • If the existing callback URL has a hash value, enter https://idp.cs.cylance.com/_/resume/saml20/<hash> and replace <hash> with the hash value that you copied.

    Keep the existing callback URL.

  7. Repeat for the Post Logout Redirect URIs field.
  8. Click Save.
Log in to the Aurora Endpoint Defense to test the configuration.