Note: This article contains detailed technical instructions on setting up an SFTP integration, and is intended for your IT department or HRIS representative. If you're not sure if SFTP is right for, we recommend you first review the benefits of HRIS integrations and the native integrations we offer.
A Secure File Transfer Protocol (SFTP) integration is a great way to sync your Culture Amp employee data with the data in your HRIS. Culture Amp supports a secure, one-way connection that imports data files from HRIS tools that support SFTP or third party SFTP clients.
Depending on your HRIS, you may need to contact your HRIS representative for assistance. Our support team (email@example.com) are happy to assist with any questions you might have.
Here is what you will find in this support article:
- Setting up an SFTP integration
- Setting up SSH key pairs
- Uploading employee data files using the SFTP integration
- Tips for resolving issues with the SFTP connection
Setting up an SFTP integration
You'll need to configure some integration settings in Culture Amp in order to set up your SFTP connection. To find these settings:
- Navigate to Account Administration
- Click on Integrations
- Click on Employee Data Integration button
Setting up SSH Key Pairs
To set up an SFTP integration, you'll need to create an SSH Key Pair. This is to ensure that the SFTP connection via your client/HRIS is unique and secure.
An SSH key pair is a pair of unique keys that are generated by you and saved on your computer. There's a private key which should only be used by you (or very carefully within your own organisation), and there's a public key which can safely be shared outside your organisation. The integration uses the combination of the two keys to verify the security of the connection.
Note: The Employee Data Integration only supports openSSH key pairs, not SSH2. If your HRIS or command line tool generates keys in SSH2 format, you can convert them to openSSH using the instructions in the troubleshooting guide below.
Step 1: Check command line tools
First, check that you have the command line tools you need to generate openSSH keys:
If you're using a Mac OS:
- command + spacebar to search
- type 'terminal' which opens the native command line tool
If you're using a Windows OS:
- Select the Start button
- Type 'cmd' into search bar
- Select 'Command Prompt' from the list
What if I don't have a command line tool? There are free, opensource key generator apps available to download. A commonly-used tool for generating SSH Key Pairs for Windows is PuTTYgen.
Step 2: Generate the key pair
Run the command `ssh-keygen -t rsa` to generate a new key pair.
When prompted, enter a file path and filename to save the new key pair to, for example `users/firstname.lastname/department-key-pair/[filename]`. We recommend you create a new folder to save your key pair to so that you don't overwrite any existing key pairs you may have saved.
You may be asked for a passphrase. It's a good idea to set (and keep a record of) a passphrase if you want to, but it's not compulsory.
You can now navigate to the file in which your keys are saved, and:
- Copy the public key to Culture Amp's Employee Data Integration setup page.
- Copy the private key to your HRIS or SFTP client setup side.
What if my computer is not set up to accept this command? The `ssh-keygen` or `puttygen` apps can be downloaded for free with a search online.
NOTE: Be wary of sharing your private key. Don't send it anywhere via email, text or through any other insecure means. Multiple key pairs can be generated so you can choose to have a private key per person/SFTP connection.
Here's an example of how to generate SSH key pairs in a Mac environment
Here's an example of how to generate SSH key pairs in a Windows environment
There's specific information about how to correctly format and save SSH keys here.
The popular SFTP Client Filezilla has helpful documentation about how to set up keys here - https://wiki.filezilla-project.org/Howto
Uploading employee data files using the SFTP connection
Using the Hostname and Username provided on the setup page, along with your Private Key generated above, you’ll now be able to set the connection with your SFTP client, and upload employee data files in CSV/XLSX format via that connection. Culture Amp will process the files using our partial import process.
Most SFTP clients will require the following information to set a connection:
- Protocol: SFTP
- Logon Type: Key File
- Host/Hostname: [Found on the SFTP set up page]
- Username: [Found on the SFTP set up page]
Make sure the hostname and username you use to set up your SFTP client are copied directly from the setup form in Culture Amp. Both are case-sensitive. You can find these on the Data integration setup page.
If required by your SFTP client, you may specify `/` as the upload directory
Here's a video example of how to set up a full connection:
Tips for resolving issues with the SFTP connection:
'Connection refused' error
You may receive a 'connection refused' error when setting up an SFTP client. This could be because your organisation has an internal Firewall (either a local or network firewall) that's blocking the SFTP connection.
If this is the case, your firewall needs to be configured to allow outbound access via the hostname (NOT bound to a specific IP address: the IP will change) on TCP Port 22.
Make sure the hostname and username you use to set up your SFTP client are copied directly from the setup form in Culture Amp. Both are case-sensitive.
SAP Success Factors
If setting up an SAP Success Factors integration using SFTP, make sure to convert SSH2 keys to openSSH format.
When SAP generates SSH keys for an SFTP integration, the keys are generated in SSH2 format by default. To successfully configure the SFTP integration, the public key need to be converted to openSSH format.
To convert an SSH2 public key into openSSH format:
- Locate your public SSH key (named for example `ssh2.pub`). This is a file that, when you open it, contains this kind of information:
---- BEGIN SSH2 PUBLIC KEY ----
---- END SSH2 PUBLIC KEY ----
- Ensure that the file has the file format `.pub`
- Run this command on the SSH2 file: `ssh-keygen -i -f ssh2.pub > openssh.pub`