Update the domain in a legacy SSO callback URL in the IDP environment

If your IDP SAML authenticator for Aurora Endpoint Defense was created before June 2026, you might be using an SSO callback URL with a legacy domain for authentication. To ensure continuity for upcoming changes to the URL in June 2026, you need to add a separate callback URL in your IDP environment. The new callback URL uses an updated domain but the same hash as the existing URL.

In your IDP environment, verify that you are using a legacy SSO callback URL in one of these formats:
  • https://login.eid.blackberry.com/_/resume/saml20/<hash> (where <hash> is the hash value)
  • https://idp.blackberry.com/_/resume (no hash value)
  1. Log in to your IDP environment.
  2. If the existing SSO callback URL has a hash value, copy the hash value.
  3. Add a new callback URL in one of these formats:
    • https://idp.cs.cylance.com/_/resume/saml20/<hash> where <hash> is the hash value that you copied from the existing callback URL.
    • https://idp.cs.cylance.com/_/resume if the existing callback URL doesn't have a hash value.
  4. Set the new callback URL as the default.
  5. Save the settings.
  6. Log in to the Aurora Endpoint Defense console to test the authentication.