Edit

Share via


Set up Secure File Transfer Protocol (SFTP) in Viva Glint

Use Microsoft Viva Glint Secure File Transfer Protocol (SFTP) to establish regular, automated imports of employee data. In Viva Glint General Settings:

  • Import SSH Public Keys
  • Specify public IP addresses to connect (optional)
  • Select users that receive data upload notification emails
  • Set up PGP encryption (optional)
  • View credentials and select a port number to access your SFTP account

Your IT team may need to add an IP exception or add hosts and ports to an allowlist to connect to SFTP. Learn more.

Learn more about how to set up SFTP with this video and the guidance in this article:

Manage SFTP in General Settings

Manage SFTP settings to connect to your Viva Glint SFTP account:

  1. From the admin dashboard, select the Configuration symbol, then in Service Configuration, choose General Settings.

  2. In the Technical Configuration section, go to SFTP Setup and select Manage.

  3. In the SFTP pane that appears, review each field and enter information as needed:

    Setup item Required or optional More information
    SSH Public Key Required
    SFTP IP Addresses Optional
    • Leave this field blank to allow any account to connect.
    • Specify public IP addresses to limit accounts that can connect.
    • Contact your IT team, HR information system (HRIS) vendor, or use online tools to determine your public IP addresses.
    • This field supports subnets, or ranges of IP addresses. Enter ranges (for example: 1.1.1.0/24) rather than individual IP addresses in each field, if needed.
    Notify People Required
    • Search for and add users that should receive file upload notification emails.
    • Users must be active and exist in Viva Glint.
    PGP Encryption Optional
    • Switch toggle to On to enable file encryption and reveal Glint's public PGP key to encrypt employee data files.
    • When this setting is enabled, SFTP accepts files with and without encryption.
    SFTP Credentials Required After selecting a port number (22 or 1122), copy credentials shown in the platform to connect to SFTP. Your host name changes based on your region (US or EU) and selected port. Allow at least one hour after entering public SSH keys and optional IP addresses before testing your connection.

    • File Protocol: SFTP
    • Port: Select 22 or 1122
    • Host Name: Varies based on region (US or EU) and selected port. Copy from the platform for the correct host name.
    • Username: Company ID
    • Password: Not applicable, use your private SSH key file

Note

Once a tenant is deprovisioned or considered in a "LockedOut" state, the public SSH key is deleted and SFTP no longer works.

Important

Private IP ranges aren't internet routable and don't allow SFTP connection. Don't include private IP addresses, which fall in these ranges:

  • 10.0.0.0/8 IP addresses: 10.0.0.0 – 10.255.255.255
  • 172.16.0.0/12 IP addresses: 172.16.0.0 – 172.31.255.255
  • 192.168.0.0/16 IP addresses: 192.168.0.0 – 192.168.255.255

PGP key expiration

The public PGP key provided by Glint that your organization can optionally use to encrypt data files expires every 12 months. Users selected in the Notify People field in SFTP setup receive a notification email 30 days before the key's expiration date letting them know that they need to generate a new key.

Screenshot of the PGP key expiration email which Glint sends 30 days before the expiration date.

To create a new public PGP key:

  1. Go to Configuration and select General Settings in the Service Configuration section.
  2. Select Technical Configuration in the menu and then in SFTP Setup choose Manage.
  3. To generate a new key, go to PGP Encryption and switch the toggle from On to Off, and then back to On.
  4. Select the copy icon next to the Public Key field or select the Download .asc file option to get the newly generated key.