Create an encryption-only job

Important This content is part of a pilot release. If you haven't been contacted to be part of this pilot, refer to our standard content for Sage People Payflow

If you are using file collection and you need to encrypt files and move them to another folder before the third party collects them, create a file forwarding/encryption job to encrypt the file on the file transfer platform.

To use file encryption:

Create separate folders for the decrypted and encrypted files
Upload a PGP public key used to encrypt files
Configure an encryption job.

Create folders

Your third-party provider can be set up with a web user that has access to a specific folder (via a folder group) in order to retrieve files from the file transfer platform.

Tip Best practice when delivering encrypted files is to provide the third party user with access to a folder that only contains the encrypted files they will retrieve. This improves security by preventing the third-party login from being able to access decrypted files.

To configure folders for file encryption:

Create a folder that will contain the encrypted files that your encryption job will create:
- In the file transfer platform, go to the Files section.
- Select the root directory.
- Select New Folder.
- Give the folder a name and select Create.
If you have not already configured a web user for the third party, follow the guidance in Configure third-party users and folder groups to create a web user and grant access to this folder for your third-party user. This folder will be used to retrieve the encrypted files.

Upload a PGP public key

In order for the third-party provider to decrypt the encrypted files that you deliver, the provider must give you the public part of a PGP key pair that they own. You will encrypt the file using the public key, and the provider can later decrypt it using the private part of the key pair.

For more information about PGP keys, and for guidance about uploading keys, see Import PGP/SSH keys.

Configure an encryption job

When you have users, folders, and PGP keys in place, the final step is to create a file forwarding and encryption job that enables file encryption and forwards the encrypted file to your encrypted files folder.

To create an encryption job:

Log in to the file transfer platform at https://sftpgo.eu.sagepeople.com/
Go to Forms > Available forms > Enable file forwarding and encryption.
Configure the forwarding job as follows:
- Source Virtual Folder: enter the path for the folder that Payflow will use to deposit the original, unencrypted files. Ensure this folder path begins with a forward slash (/).
  
  For example: /PayslipData
- File Pattern: enter the file extension for deposited files. For example, .csv
- Destination IP/DNS: leave this set to localhost. Localhost means that the job will run locally, without forwarding the file to another server.
- Destination Port: leave set to 22.
- Destination Path: enter the path for the folder that will contain your encrypted files. For example: /PayslipsEncrypted
  
  Tip If you have an existing folder into which you want to deposit your encrypted files, ensure you enter the address accurately. If the folder does not already exist, it will be created.
- User: enter your administrator username. The job must be run as a user that has folder access to both folders.
- Login Method: Password: enter your administrator password.
- Login Method: SSH Key: leave blank.
- File Encryption and Signing: set to Encrypt.
- PGP Key to Encrypt/Decrypt: select the public key provided by your third-party provider.
- PGP to Sign: leave blank.
- Do you want to delete the original file?: as a best practice, set the original file to be deleted from the folder as soon as it has been encrypted. Select Yes.
Select Submit.

For more information about using this form, see Enable file forwarding, encryption, and decryption.

Next, Provide details to the third party.