Update the legacy SSO callback URL in the PingOne portal for enhanced authentication to the Aurora Endpoint Defense console.
If your PingOne OIDC authenticator for Aurora Endpoint Defense was created before June 2026, you might be using an SSO callback URL with a legacy domain for authentication. To ensure continuity for upcoming changes to the URL in June 2026, you need to update the redirect URIs and signoff URLs in your PingOne portal environment. The new callback URL uses an updated domain but with the same hash as the existing URL.
Updating the configuration is required if the
Redirect URIs and
Signoff URL fields use one of these domains, in these formats:
https://idp.blackberry.com/_/resume (where there is no hash value)https://login.eid.blackberry.com/_/resume/saml20/<hash> (where <hash> is the hash value)
If the configuration is not updated by June 2026, a configuration error appears when the user is redirected to the PingOne login portal.
- In the PingOne portal, go to .
- Click the name of the current OIDC configuration app that you created for Aurora Endpoint Defense.
- In the Configuration tab, click Edit.
- In the Redirect URIs field, verify the domain of the existing callback URL and whether it has a hash value. If they are using these domains in one of these formats, you need to add a new callback URL:
https://idp.blackberry.com/_/resume (where there is no hash value)https://login.eid.blackberry.com/_/resume/saml20/<hash> (where <hash> is the hash value)
- If the existing callback URL has a hash value, copy the hash value.
- In the Redirect URIs field, add a new callback URL in one of these formats:
- If the existing callback URL has no hash value, enter
https://idp.cs.cylance.com/_/resume.
- If the existing callback URL has a hash value, enter
https://idp.cs.cylance.com/_/resume/saml20/<hash> and replace <hash> with the hash value that you copied.
Keep the existing callback URL.
- Repeat for the Signoff URLs field.
- Click Save.
Log in to the Aurora Endpoint Defense to test the configuration.
