Configure file forwarding and encryption

Important This content is part of a pilot release. If you haven't been contacted to be part of this pilot, refer to our standard content for Sage People Payflow.

If you are using file forwarding to deliver files to the third-party provider, you must configure a file forwarding/encryption job in the file transfer platform. Files can be delivered to the third party with or without encryption. If your provider supports it, we recommend encrypting files for transmission.

The file transfer platform supports the following security features for file transmission:

  • File encryption using a PGP key: encrypts the file using a public PGP key. Your provider decrypts the file upon receipt.

  • File signing using a PGP key: generates a file signature using a private PGP key to ensure that the file comes from a trusted source. Your provider can validate the file signature upon receipt using your public key.

  • Connection authentication using an SSH key: used for cryptographic authentication of the connection to your provider, using a private SSH key. Your provider can authenticate the connection using your public SSH key.

If you are using any of these options, you must upload PGP/SSH keys that will be used by your file forwarding job.

Upload keys for encryption, signing, or authentication

If you plan to use PGP encryption or signing, or SSH authentication when connecting to the third-party provider's system, you must first upload PGP and/or SSH keys.

Tip If you do not plan to use file encryption, signing, or SSH authentication, you can skip this step.
  1. Log in to the file transfer platform at https://sftpgo.eu.sagepeople.com/

    Use the administrator login that you created earlier (see Configure an SFTP administrator).

  2. Go to Forms > Available forms > Import PGP/SSH Keys.

  3. Upload your keys as detailed here: Import PGP/SSH keys.

Enable file forwarding

Before you begin to configure a job you must gather the following information from your third-party provider:

  • Server IP address or URL

  • Port number

  • Destination folder

  • Login method: password or SSH

  • The third party's public key, if encryption is required.

To create a forwarding/encryption job:

  1. Log in to the file transfer platform at https://sftpgo.eu.sagepeople.com/

    Use the administrator login that you created earlier (see Configure an SFTP administrator).

  2. Go to Forms > Available forms > Enable file forwarding and encryption.

    Screenshot: enable file forwarding and encryption configuration form

  3. Configure the fields as follows.

    Each field is listed with its description, followed by examples where given:

    Source Virtual Folder

    The folder that is monitored for the arrival of a new download file deposited by an outbound Payflow service.

    The folder path must begin with a forward slash (/).

    Example: /myfolder

    File Pattern

    The file pattern for the download files. The system will search the source folder and process matching files.

    Use * as a wildcard.

    Examples:

    *.csv

    *.txt

    payroll_*.csv

    Destination IP/DNS

    The server address of the network location to which processed files will be sent. Enter the server address without including the protocol prefix (sftp://).

    If the file is to be encrypted/signed but not forwarded, enter localhost.

    Examples:

    server.mypayroll.net

    198.51.100.10

    localhost

    Destination Port

    Enter the port number for the destination server. Provided by the third-party provider.

    If the file is to be encrypted and/or signed and not forwarded, enter 22.

    Example: 22

    User

    The username used to authenticate the connection at the destination server. Typically provided by the third-party provider.

    If the file is to be encrypted and/or signed and not forwarded, enter your admin username.

    Examples:

    payrolluser

    your_admin_username

    Password

    Enter the password for your admin user. Password cannot contain either < or > symbols.

    Important Enter the password with care. Entering an incorrect password in an automated job can cause your user account to be locked out. See Monitor job failed: Auth cancel error.

    Destination Path

    The folder location into which files should be delivered at the receiving server. Typically provided by the third-party provider.

    The folder path must begin with a forward slash (/).

    If the file is to be encrypted and/or signed and not forwarded, specify the destination folder in the file transfer platform. Take care to enter the folder name correctly. If the folder does not already exist, it will be created when the job runs.

    Examples:

    /destinationpath

    /files/destinationpath

    Login Method: Password

    If using password authentication, enter the password to authenticate the connection at the destination server. Provided by the third-party provider.

    If the file is to be encrypted and/or signed but not forwarded, enter the password for your admin user.

    Example: mypassword

    Login Method: SSH Key

    If using an SSH key to authenticate the connection to the destination server, select the private SSH key to use.

    The key must be generated or sourced by your organization, and the public part of the key pair must be provided to the third party to enable them to receive the file. Import keys using the Import PGP/SSH keys form.

    Do you want to use PGP keys?

    Select the checkboxes for encryption/signing as appropriate. You can select both Encrypt and Sign as part of one routine. You cannot sign files without encrypting.

    If you don't want the file to be encrypted or signed, select No Encryption or Signing.

    • No Encryption or Signing: select this option if you are forwarding the file with no encryption or signing.

    • Encrypt: uses your selected PGP key to encrypt the file.

    • Sign: uses your selected PGP key to sign the file. Only select this option if Encrypt is also selected.

    • Decrypt: select this option to decrypt received files, using the selected private PGP key.

    Ensure you have uploaded the PGP keys for encryption/decryption/signing as appropriate. See Import PGP/SSH keys.

    PGP Key to Encrypt

    Select the PGP key to be used for encryption/decryption, if encryption or decryption is selected.

    Ensure you have uploaded the PGP keys using the Import PGP/SSH keys form.

    Example: my_encryption_key.asc

    PGP Key to Sign

    Select the PGP key to be used for signing, if signing is selected.

    Ensure you have uploaded the PGP keys using the Import PGP/SSH keys form.

    Example: my_encryption_key.asc

    Do you want to delete the original file?

    Select whether you want the file to be removed immediately after the routine has completed. Files that have been forwarded are removed from the folder automatically after a period of time.

    • Yes: the file is removed immediately after processing (recommended).

    • No: the file remains in the folder after processing, and is removed automatically after a period of time.

    If you select Yes:

    • For files that are encrypted and forwarded, both the original file and the encrypted/signed file are removed after the job has completed.

    • If you are encrypting/signing the file without forwarding, the original unencrypted file is removed but the newly encrypted/signed file remains in the destination folder.


    For more information, see Enable file forwarding, encryption, and decryption.

This completes the setup for your outbound service with file forwarding. If you are using file signing or SSH authentication, ensure you forward your public keys to the third party.
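
The field rules in the table above can be checked against your planned values before the job is saved, so that a malformed value is caught before an automated run. The following Python check is an added example, not part of the file transfer platform or of Sage's documentation; the dictionary keys, key file names and sample values are hypothetical and only mirror the form fields.

```python
import re

def pattern_matches(pattern, filename):
    # Only '*' is a wildcard, as the File Pattern field describes.
    # Assumption: matching is case-sensitive and covers the whole file name.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, filename) is not None

def check_job(job):
    """Return the problems found in a dict of planned form values."""
    problems = []
    for field in ("source_folder", "destination_path"):
        if not job.get(field, "").startswith("/"):
            problems.append(f"{field} must begin with a forward slash (/)")
    host = job.get("destination_host", "")
    if "://" in host:
        problems.append("destination_host must not include a protocol prefix")
    port = job.get("destination_port")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        problems.append("destination_port must be a number from 1 to 65535")
    elif host == "localhost" and port != 22:
        problems.append("destination_port must be 22 when the file is not forwarded")
    if any(c in job.get("admin_password", "") for c in "<>"):
        problems.append("admin_password cannot contain < or >")
    pgp = set(job.get("pgp_options", []))
    if "sign" in pgp and "encrypt" not in pgp:
        problems.append("sign can only be selected together with encrypt")
    if pgp & {"encrypt", "decrypt"} and not job.get("encrypt_key"):
        problems.append("encrypt_key is required for encryption or decryption")
    if "sign" in pgp and not job.get("sign_key"):
        problems.append("sign_key is required for signing")
    if job.get("login_method") == "ssh" and not job.get("ssh_key"):
        problems.append("ssh_key is required for SSH key login")
    return problems

# Constructed sample values, modelled on the examples in the table above.
GOOD_JOB = {
    "source_folder": "/myfolder",
    "destination_host": "server.mypayroll.net", "destination_port": 22,
    "destination_path": "/destinationpath", "admin_password": "example-only",
    "login_method": "ssh", "ssh_key": "my_ssh_key", "pgp_options": ["encrypt", "sign"],
    "encrypt_key": "provider_public_key.asc", "sign_key": "my_signing_key.asc",
}
# The same job with four mistakes: folder, host prefix, password and PGP options.
BAD_JOB = dict(GOOD_JOB, source_folder="myfolder", admin_password="pa<ss",
               destination_host="sftp://server.mypayroll.net", pgp_options=["sign"])

if __name__ == "__main__":
    print("\n".join(check_job(BAD_JOB)))
    print(pattern_matches("payroll_*.csv", "payroll_2024-05.csv.bak"))
```

`pattern_matches` can be run over the file names expected in the source folder to confirm that a pattern picks up only the files intended for the provider.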