Export Users with Tokens

Use the Security Console to export users with tokens from a deployment. The records can subsequently be imported into another deployment. Only users with assigned tokens will be exported.

You can add users to groups and choose only those groups at export time. You can use groups to filter users, but the groups are not exported, and group memberships are not exported.

For information on how exporting users affects risk-based authentication (RBA), on-demand authentication (ODA), and RADIUS usage, see Exporting and Importing Users and Tokens Between Deployments.

Before you begin

  • Download the encryption key from the target deployment where you will import these users and tokens. See Download the Encryption Key.

  • Make sure you understand how this operation will affect the identity sources. See Exporting and Importing Users and Tokens Between Deployments.

  • Select the security domain where the user records being exported are located. It is possible for the tokens to reside in a different security domain than the user records. Tokens follow their user records.


  1. In the Security Console of the source deployment, click Administration > Export/Import Tokens and Users > Export Tokens and Users.

  2. In the Encryption Key Location field, browse to the encryption key that you downloaded from the target deployment.

  3. In the Export Job Name field, specify the name of the export job. RSA recommends you keep the job name default. If you edit the job name, the new name must be unique.

  4. In theExport Type field, select Users with Tokens.

  5. Click Next.

  6. From the User Selection page, in the Security Domain field, select the security domain where the users being exported are located.

  7. In the Subdomains field, select Include subdomains only if you want to include the subdomains of the selected security domain.

  8. In the User Selection field, do one of the following:

    • Export all users in the selected security domain.

    • Search for groups of users to export. Within these groups, only users in the selected security domain and its subdomains are exported. Users in other security domains are ignored. Tokens associated with the users being exported are exported regardless of security domain.

    • Select the ODA User Attributes checkbox to export on-demand authentication data.

    If you export by group, find and move the groups with the users you want to export from the Available Groups box to the Selected Groups using the arrow buttons.

  9. Click Export.

    You are directed to the Export/Import Status page. The progress of the export is automatically refreshed.

  10. From the Export/Import Status page, click Download File to download and save the export file to your local machine.
  11. Run the System Log Report to view the results of the export. For more information, see Reports.

After you finish

Import users with tokens to the target deployment. See Import Users with Tokens.

Related Concepts

SecurID Tokens