Before continuing, please take a backup of the database from the Operations Console (Maintenance > Backup and Restore > Backup Now) or take a snapshot of the virtual server.

1. In the Security Console of the target deployment, click Administration > Export/ Import Tokens and Users > Download Encryption Key.
2. Click Download Now.
3. Use the File Download dialog box to select a location for the encryption key, and click Save.
4. Complete the save operation to your local directory, as required by your browser.
5. Click Done.  

1. In the Security Console of the source deployment, click Administration > Export/Import Tokens and Users > Export Tokens and Users.
2. In the Encryption Key Location field, browse to the encryption key that you downloaded from the target deployment.
3. In the Export Job Name field, specify the name of the export job. RSA recommends you keep the default job name. If you edit the job name, the new name must be unique.
4. In the Export Type field, select Users with Tokens.
5. Click Next. 

1. In the Security Console of the target deployment, click Administration > Export/Import Tokens and Users > Import Tokens and Users.
2. In the Import Job Name field, specify the name of the import job.
3. Select the import file location.
4. Click Next.

1. If the RSA Authentication Manager 8.x source server uses an external identity source but the target does not, imported users will be saved to the internal database.
2. The encryption key is the public key corresponding to an RSA public-private key pair.  The key ensures the following:

• Token and user records being exported can be imported only to the target deployment.
• The exported data is encrypted, thus preventing the data from being read or tampered with in transit.
• The source and target deployments communicate only with each other.
• You must download the encryption key from the target deployment before exporting users or tokens from a source deployment.