MFA Guides

Backup Server Keys

During the installation process, RapidIdentity Server creates application keys to communicate with the SQL database.

Backing up the Server Key preserves the ability to communicate with the RapidIdentity Server database in the event that the server must be uninstalled, reinstalled, moved or distributed across multiple IIS servers.

If the RapidIdentity Server keys are not backed up prior to uninstalling the Server application, database information recovery is not possible.

The sequence below assumes the Server Keys are installed in the default location. If an alternative path was selected then the initial starting point will be the location selected during the installation process.

Follow these steps to back up the RapidIdentity Server keys to a Smart Card or to restore keys to an existing installation.

  1. Navigate to C:\Program Files\2FA\ONE Server\tools\KeyBackup.

  2. Right-click the KeyBackup application and select Run as administrator.

  3. Click Backup and then click File.

  4. Click the ellipsis to navigate to the location to save the Server Key, type a file name and click Save.


    Enter and confirm a password and then click Finish.

  5. When the operation is complete, click OK.


    Exit the KeyBackup application.

Key Backup Tool

When RapidIdentity Server is installed, random encryption keys are generated and those keys are used to communicate securely with clients and store protected data in the system.

Because of how this data is encrypted and decrypted, each database will be tied to its corresponding Server Key. It is always advisable to backup server keys after installation and during any server operation that may affect the server keys.

Additionally, for RapidIdentity Server deployments where multiple application (IIS) Servers are to be deployed to communicate with a single SQL instance or farm, each RapidIdentity Server must utilize the same encryption keys in order to access encrypted data stored in the database.

Identity Automation provides a Key Backup Tool that is provided to backup the key from your initial RapidIdentity Server instance, and restore the key on subsequent RapidIdentity Servers so that each server maintains the same keys.

This procedure should be performed for each subsequent RapidIdentity Server before any server operation is performed.