Set up Secure File Transfer Protocol (SFTP) in Viva Glint
Article
Use Microsoft Viva Glint Secure File Transfer Protocol (SFTP) to establish regular, automated imports of employee data. In Viva Glint General Settings:
Import SSH Public Keys
Specify public IP addresses to connect (optional)
Select users that receive data upload notification emails
Set up PGP encryption (optional)
View credentials and select a port number to access your SFTP account
Your IT team may need to add an IP exception or add hosts and ports to an allowlist to connect to SFTP. Learn more.
Learn more about how to set up SFTP with this video and the guidance in this article:
Manage SFTP in General Settings
Manage SFTP settings to connect to your Viva Glint SFTP account:
From the admin dashboard, select the Configuration symbol, then in Service Configuration, choose General Settings.
In the Technical Configuration section, go to SFTP Setup and select Manage.
In the SFTP pane that appears, review each field and enter information as needed:
Setup item
Required or optional
More information
SSH Public Key
Required
Enter the full text of your public SSH key: ssh-rsa ... .
Leave this field blank to allow any account to connect.
Specify public IP addresses to limit accounts that can connect.
Contact your IT team, HR information system (HRIS) vendor, or use online tools to determine your public IP addresses.
This field supports subnets, or ranges of IP addresses. Enter ranges (for example: 1.1.1.0/24) rather than individual IP addresses in each field, if needed.
Notify People
Required
Search for and add users that should receive file upload notification emails.
Users must be active and exist in Viva Glint.
PGP Encryption
Optional
Switch toggle to On to enable file encryption and reveal Glint's public PGP key to encrypt employee data files.
When this setting is enabled, SFTP accepts files with and without encryption.
SFTP Credentials
Required
After selecting a port number (22 or 1122), copy credentials shown in the platform to connect to SFTP. Your host name changes based on your region (US or EU) and selected port. Allow at least one hour after entering public SSH keys and optional IP addresses before testing your connection.
File Protocol: SFTP
Port: Select 22 or 1122
Host Name: Varies based on region (US or EU) and selected port. Copy from the platform for the correct host name.
Username:Company ID
Password:Not applicable, use your private SSH key file
Note
Once a tenant is deprovisioned or considered in a "LockedOut" state, the public SSH key is deleted and SFTP no longer works.
Important
Private IP ranges aren't internet routable and don't allow SFTP connection. Don't include private IP addresses, which fall in these ranges:
10.0.0.0/8 IP addresses: 10.0.0.0 – 10.255.255.255
172.16.0.0/12 IP addresses: 172.16.0.0 – 172.31.255.255
192.168.0.0/16 IP addresses: 192.168.0.0 – 192.168.255.255
PGP key expiration
The public PGP key provided by Glint that your organization can optionally use to encrypt data files expires every 12 months. Users selected in the Notify People field in SFTP setup receive a notification email 30 days before the key's expiration date letting them know that they need to generate a new key.
To create a new public PGP key:
Go to Configuration and select General Settings in the Service Configuration section.
Select Technical Configuration in the menu and then in SFTP Setup choose Manage.
To generate a new key, go to PGP Encryption and switch the toggle from On to Off, and then back to On.
Select the copy icon next to the Public Key field or select the Download .asc file option to get the newly generated key.
This module will guide you on how to set up the fundamental pieces of the Microsoft Viva Glint web application. Understanding these features and settings is a crucial first step to ensuring a successful launch of the survey program.