You can back up and restore your configuration for disaster recovery or for testing purposes. You can restore your configuration on the same system or a new system, as long as the version used on the restore system is not older than the version used on the backup system, and as long as the backup and restore systems both use API v3 (PingAccess 5.0 or later).

The configuration backup is stored as a JSON file, and contains the entire PingAccess configuration, with the exceptions of the administrative user configuration and the keys used for JSON web tokens (JWTs). It uses the same format as results from the administrative APIs.

Because the exported JSON file contains much of your PingAccess configuration, make sure that the file is safely stored somewhere with appropriate security controls in place.

Sensitive data, such as secrets and passwords, are encrypted in the backup file. If you have configured a master key encryptor using the Add-on SDK for Java, the host key file (JWK set) is encrypted and included in the exported data. When running in Amazon Web Services (AWS), the AWS Key Management Services (KMS) master key encryptor bundled with PingAccess can be configured for master key encryption. See Configuring PingAccess to use Amazon Key Management Services for more information.

You can modify the backup file directly. If you plan to do so, make an unmodified copy of the backup file before you begin.