Set up Secure File Transfer Protocol (SFTP) in Viva Glint
Use Microsoft Viva Glint Secure File Transfer Protocol (SFTP) to establish regular, automated imports of employee data. In Viva Glint General Settings:
- Import SSH Public Keys
- Specify public IP addresses to connect (optional)
- Select users that receive data upload notification emails
- Set up PGP encryption (optional)
- View credentials and select a port number to access your SFTP account
Your IT team may need to add an IP exception or add hosts and ports to an allowlist to connect to SFTP. Learn more.
Learn more about how to set up SFTP with this video and the guidance in this article:
Manage SFTP in General Settings
Manage SFTP settings to connect to your Viva Glint SFTP account:
From the admin dashboard, select the Configuration symbol, then in Service Configuration, choose General Settings.
In the Technical Configuration section, go to SFTP Setup and select Manage.
In the SFTP pane that appears, review each field and enter information as needed:
Setup item Required or optional More information SSH Public Key Required - Enter the full text of your public SSH key:
ssh-rsa .... - DO NOT share your private key with Viva Glint.
- To generate a key pair, see: Generate an SSH key pair.
- To convert a key to the required format, see: Convert a key to OpenSSH format.
- Add up to three public SSH keys.
SFTP IP Addresses Optional - Leave this field blank to allow any account to connect.
- Specify public IP addresses to limit accounts that can connect.
- Contact your IT team, HR information system (HRIS) vendor, or use online tools to determine your public IP addresses.
- This field supports subnets, or ranges of IP addresses. Enter ranges (for example: 1.1.1.0/24) rather than individual IP addresses in each field, if needed.
Notify People Required - Search for and add users that should receive file upload notification emails.
- Users must be active and exist in Viva Glint.
PGP Encryption Optional - Switch toggle to On to enable file encryption and reveal Glint's public PGP key to encrypt employee data files.
- When this setting is enabled, SFTP accepts files with and without encryption.
SFTP Credentials Required After selecting a port number (22 or 1122), copy credentials shown in the platform to connect to SFTP. Your host name changes based on your region (US or EU) and selected port. Allow at least one hour after entering public SSH keys and optional IP addresses before testing your connection. - File Protocol: SFTP
- Port: Select 22 or 1122
- Host Name: Varies based on region (US or EU) and selected port. Copy from the platform for the correct host name.
- Username: Company ID
- Password: Not applicable, use your private SSH key file
- Enter the full text of your public SSH key:
Note
Once a tenant is deprovisioned or considered in a "LockedOut" state, the public SSH key is deleted and SFTP no longer works.
Important
Private IP ranges aren't internet routable and don't allow SFTP connection. Don't include private IP addresses, which fall in these ranges:
- 10.0.0.0/8 IP addresses: 10.0.0.0 – 10.255.255.255
- 172.16.0.0/12 IP addresses: 172.16.0.0 – 172.31.255.255
- 192.168.0.0/16 IP addresses: 192.168.0.0 – 192.168.255.255
PGP key expiration
The public PGP key provided by Glint that your organization can optionally use to encrypt data files expires every 12 months. Users selected in the Notify People field in SFTP setup receive a notification email 30 days before the key's expiration date letting them know that they need to generate a new key.
To create a new public PGP key:
- Go to Configuration and select General Settings in the Service Configuration section.
- Select Technical Configuration in the menu and then in SFTP Setup choose Manage.
- To generate a new key, go to PGP Encryption and switch the toggle from On to Off, and then back to On.
- Select the copy icon next to the Public Key field or select the Download .asc file option to get the newly generated key.