Edit

Share via


Set up Secure File Transfer Protocol (SFTP) in Viva Glint

Use Microsoft Viva Glint Secure File Transfer Protocol (SFTP) to establish regular, automated imports of employee data. In Viva Glint General settings:

  • Import SSH Public Keys
  • Specify public IP addresses to connect (optional)
  • Select users that receive data upload notification emails
  • Set up PGP encryption (optional)
  • View credentials and select a port number to access your SFTP account

Note

Learn more about how to set up SFTP with this video and the guidance in this article:

Manage SFTP in General Settings

Manage SFTP settings to connect to your Viva Glint SFTP account:

  1. From the admin dashboard, select the Configuration symbol, then in Service configuration, choose General settings.

  2. In the Technical configuration section, go to SFTP setup and select Manage.

  3. In the SFTP pane that appears, review each field and enter information as needed:

    Setup item Required or optional More information
    SSH Public Key* Required
    SFTP IP Addresses** Optional
    • Leave this field blank to allow any account to connect.
    • Specify public IP addresses to limit accounts that can connect.
    • Contact your IT team, HR information system (HRIS) vendor, or use online tools to determine your public IP addresses.
    • This field supports subnets, or ranges of IP addresses. Enter ranges (for example: 1.1.1.0/24) rather than individual IP addresses in each field, if needed.
    Notify People Required
    • Search for and add users that should receive file upload notification emails.
    • Users must be active and exist in Viva Glint.

    If you experience errors when updating this list of users:
    1. Remove all users
    2. Search for and add them to the list again
    3. Save changes
    PGP Encryption Optional
    • Switch toggle to On to enable file encryption and reveal Viva Glint's public PGP key to encrypt employee data files.
    • When this setting is enabled, SFTP accepts files with and without encryption.
    • This key expires every 12 months. Viva Glint sends a notification 30 days before expiration.
    SFTP Credentials Required Select a port number (22 or 1122) and copy credentials shown in the platform to connect to SFTP. Your host name changes based on your region (US or EU) and selected port. Allow at least one hour after entering public SSH keys and optional IP addresses before testing your connection.

    • File Protocol: SFTP
    • Port: Select 22 or 1122
    • Host Name: Varies based on region (US or EU) and selected port. Copy from the platform for the correct host name.
    • Username: Company ID
    • Password: Not applicable, use your private SSH key file

    * When a tenant is deprovisioned or considered in a "LockedOut" state, public SSH keys are deleted and SFTP no longer works.

    ** Private IP ranges aren't internet routable and don't allow SFTP connection. Don't include private IP addresses, which fall in these ranges:

    • 10.0.0.0/8 IP addresses: 10.0.0.0 – 10.255.255.255
    • 172.16.0.0/12 IP addresses: 172.16.0.0 – 172.31.255.255
    • 192.168.0.0/16 IP addresses: 192.168.0.0 – 192.168.255.255

    Note

    For more information about deprovisioning, read about Deleting a Microsoft Entra tenant and Data deletion in Microsoft 365.

PGP key expiration

The public PGP key provided by Viva Glint that your organization can optionally use to encrypt data files expires every 12 months. Users selected in the Notify People field in SFTP setup receive a notification email 30 days before the key's expiration date letting them know that they need to generate a new key.

Screenshot of the PGP key expiration email which Viva Glint sends 30 days before the expiration date.

To get a new PGP key, contact Support and enter "Viva Glint PGP key" as the Title for your request.