Migrate data from the Single Sign-on central store

The Single Sign-on central store is a centralized repository used by Single Sign-on to store and manage user and administrative data. User data includes user credentials, security question answers, and other user-focused data. Administrative data includes password policies, application definitions, security questions, and other wider-ranging data.

You cannot migrate all data from the Single Sign-on central store to the Self-Service Password Reset central store. This table illustrates the data that can and cannot migrate.

Cannot migrate Can migrate
Password policies - Not Supported People folders containing enrollment Data
Application templates - Not Supported Questionnaires used by customers
Application definitions - Not Supported  
User configurations - Created on the Self-Service Password Reset console  
Application groups - Not Supported  
Single Sign-on Service data - Created on the Self-Service Password Reset console  


  • Self-Service Password Reset does not support Active Directory as a central store, only network shares.
  • Self-Service Password Reset supports data only from Single Sign-on 4.8 or 5.0.

To migrate data from the Single Sign-on central store

Before migrating your data, familiarize yourself with Self-Service Password Reset installation and configuration. For more information, see Install and Configure.

  1. Create a new central store.
  2. Install the Self-Service Password Reset service and console.
  3. In the console, specify the new central store location.
  4. Create a new user configuration and include the users who have Self-Service Password Reset on Single Sign-on.
  5. Copy the Single Sign-on enrollment data and security questions to the new central store.

Note: Ensure that the data proxy account has full control permission of all the copied files.

You need only two folders/files.


Copy all user’s enrollment data:




Use this command: Robocopy \\SSO-SERVER\citrixsync$\People\ \\SSPR-SVC\citrixsync$\People /e /xd QBA /Log+:copylog.txt /tee

Copy the security questions that are used by customers:

\\SSOSERVER\citrixsync$\CentralStoreRoot\AdminConsole\QuestionBasedAuthentication2\ QuestionBasedAuthentication2



Use this command: Robocopy \\SSO-SERVER\citrixsync$\CentralStoreRoot\AdminConsole\QuestionBasedAuthentication2\ \\SSPR-SVC\citrixsync$\CentralStoreRoot\AdminConsole\QuestionBasedAuthentication2 /e /Log+:copylog.txt /tee

Now all users can unlock and reset using their Single Sign-on enrollment questions and answers.