000032677 - How to move users and tokens from one RSA Authentication Manager 8.1 server to another

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000032677
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: RSA Authentication Manager
RSA Version/Condition: 8.1
IssueWhen trying to import users and tokens from one Authentication Manager 8.1 server to another the import fails with the following error:
 
There was a problem processing your request.
An error occurred while decrypting data. The import file is corrupt.

User-added image
ResolutionBefore continuing, please a backup of the database from the Operations Console (Maintenance > Backup and Restore > Backup Now) or take a snapshot of the virtual server.
The steps below provide information on how to export users from one Authentication Manager 8.1 deployment to another.

1.  Download the encryption key from Security Console of the Authentication Manager 8.1 target deployment
  1. In the Security Console of the target deployment, click Administration > Export/ Import Tokens and Users > Download Encryption Key.
  2. Click Download Now.
  3. Use the File Download dialog box to select a location for the encryption key, and click Save.
  4. Complete the save operation to your local directory, as required by your browser.
  5. Click Done.  
2.  Export users and tokens from the Security Console of Authentication Manager 8.1 source deployment
  1. In the Security Console of the source deployment, click Administration > Export/Import Tokens and Users > Export Tokens and Users.
  2. In the Encryption Key Location field, browse to the encryption key that you downloaded from the target deployment.
  3. In the Export Job Name field, specify the name of the export job. RSA recommends you keep the default job name. If you edit the job name, the new name must be unique.
  4. In the Export Type field, select Users with Tokens.
  5. Click Next
3.  Import the users and tokens from the Security Console of the Authentication Manager 8.1 target deployment
  1. In the Security Console of the target deployment, click Administration > Export/Import Tokens and Users > Import Tokens and Users.
  2. In the Import Job Name field, specify the name of the import job.
  3. Select the import file location.
  4. Click Next.
Users and tokens are successfully imported to the Authentication Manager 8.1 target deployment.
 
Notes
  1. If the Authentication Manager 8.1 source server uses an external identity source but the target does not, imported users will be saved to the internal database.
  2. The encryption key is the public key corresponding to an RSA public-private key pair.  The key ensures the following:
  • Token and user records being exported can be imported only to the target deployment.
  • The exported data is encrypted, thus preventing the data from being read or tampered with in transit.
  • The source and target deployments communicate only with each other.
  • You must download the encryption key from the target deployment before exporting users or tokens from a source deployment.

Attachments

    Outcomes