PingFederate Bridge automatically creates a time-stamped configuration (.zip) archive every time an administrator signs on to the administrative console and before an existing archive is imported. The archives are stored in the <pf_install>/pingfederate/server/default/data/archive directory.

The automatic backup process typically completes without delays. For deployments with hundreds of connections or OAuth clients, or both, administrators can configure PingFederate Bridge to create configuration archives periodically instead.

Additionally, administrators can export the current configuration to a .zip file in the Configuration Archive window. This window is only available to administrators whose accounts have been assigned the User Admin, Admin, Crypto Admin, and Expression Admin roles.


The Expression Admin role must be assigned to give administrators sufficient permissions to create configuration archives.


The backup file contains your complete configuration. To protect your data, confirm the backup file is protected with appropriate security controls in place before exporting it.

Sharing the archive is a security risk because the private keys are stored in the archive. An archive should only be shared if the security of that instance is not important, such as a development or test environment.

On the Configuration Archive window, administrators can import an existing archive for immediate deployment into a running PingFederate Bridge server.

Administrators can also deploy a configuration archive manually by copying the .zip file to the <pf_install>/pingfederate/server/default/data/drop-in-deployer directory. After copying the .zip file, it must be renamed to

Configuration archives are intended for administrative-console configuration only. The following files are not included in the archives:
  • Launch scripts in the <pf_install>/pingfederate/bin and <pf_install>/pingfederate/sbin directories.
  • Web container configuration files in the <pf_install>/pingfederate/etc directory.
  • Log files in the <pf_install>/pingfederate/log directory.
  • Database drivers and program files from adapters and any other plugins in the <pf_install>/pingfederate/server/default/lib and <pf_install>/pingfederate/server/default/deploy directories.
  • Other files, including the license file, the advanced cluster configuration files, and the user-facing email and HTML templates, in the <pf_install>/pingfederate/server/default/conf directory.

If any changes have been made to files that are not part of the configuration archive, those files must be preserved manually.


You can export a configuration archive, extract the .zip file, and determine whether specific files are part of the configuration archive, or not.


Draft connections in archives are not imported. Complete any unfinished partner connections if you want to include them in a full backup archive or in an archive to be used for configuration migration.