Update the domain in a legacy SSO callback URL in the IDP environment
If your IDP authenticator for Aurora Endpoint Defense was created before June 2026, you might be using an SSO callback URL with a legacy domain for authentication. To ensure continuity for upcoming changes to the URL in June 2026, you need to add a separate callback URL in your IDP environment. The new callback URL uses an updated domain but with the same hash as the existing URL.
In your IDP environment, you need to add a separate callback URL in the authenticator app settings if you are using a legacy SSO callback URL in one of these formats:
https://login.eid.blackberry.com/_/resume/saml20/<hash>tohttps://idp.cs.cylance.com/_/resume/saml20/<hash>(where <hash> is the hash value)https://idp.blackberry.com/_/resumetohttps://idp.cs.cylance.com/_/resume(no hash value)
CAUTION: Do not remove the old URL. If it is removed before June 10, 2026, the configuration will break. The SSO callback URL in the SAML authenticator in the console will stay the same. It will be updated to the new URL after June 10.
For instructions on updating the callback URL in specific IDP environments, see one of these:
- Entra: Update the current SSO callback URL in the SAML app configuration
- Okta: Update the current SSO callback URL in the OIDC app configuration
- Okta: Update the current SSO callback URL in the SAML app configuration
- OneLogin: Update the current SSO callback URL in the OIDC app configuration
- OneLogin: Update the current SSO callback URL in the SAML app configuration
- PingOne: Update the current SSO callback URL in the OIDC app configuration
- PingOne: Update the current SSO callback URL in the SAML app configuration