ACE SFTP User Management
    • 15 Aug 2024

    ACE offers a secure file transfer protocol (SFTP) service, accessible via data.interprose.com. When you need to provide your clients, users, and vendors with access to an ACE SFTP to share data, files, and reports, you can configure and provide individual SFTP access at the user level.

    Note

    SFTP users are independent and do not need to be linked to ACE users. However, you can create SFTP accounts for both ACE users and non-ACE users.

    What is SFTP?

    SFTP (Secure File Transfer Protocol) is a network protocol that provides secure file access, transfer, and management over a reliable data stream. Unlike FTP, SFTP encrypts both commands and data, ensuring that sensitive information, such as usernames, passwords, and file contents, is protected during transmission.

    Getting Started

    To use the ACE SFTP Service, contact Sales at Sales@interprose.com for pricing details.

    ACE SFTP Setup Steps

    1. Create Security Credentials: Set up security credentials for each SFTP user. For enhanced security, use SSH keys instead of passwords.

    2. Add SFTP Users: Create SFTP users with appropriate access and credentials.

    3. Connect with an SFTP Client Host: Users will need to select an SFTP client, such as WinSCP or FileZilla.

    4. Connecting Jobs with SFTP Users: Use an Admin SFTP User in ACE jobs to transfer documents to or from an SFTP User.

    Key Terms

    • CNAME (Canonical Name Record): A DNS record type that maps an alias to the true domain name.

    • SSH (Secure Shell): A cryptographic protocol for secure network services, utilizing client-server architecture.

    • SFTP Client Host: The computer/server/cloud where SFTP client software is accessed.

    • IP Address: A numeric label assigned to devices in a network for identification and location purposes.

    • Whitelisting IP Addresses: A security practice that restricts network access to specific IP addresses or ranges of IP addresses.

    • CIDR (Classless Inter-Domain Routing): A method for allocating IP addresses and IP routing. It uses a notation like 192.168.1.0/24 to define IP addresses and network masks.

      • /32 (Single IP Address): This notation specifies a single IP address. For example, 192.168.1.0/32 refers only to the IP address 192.168.1.0.

      • /24 (Range of IP Addresses): This notation specifies a range of IP addresses. For example, 192.168.1.0/24 includes all IP addresses from 192.168.1.0 to 192.168.1.255. This is because /24 represents a subnet mask that allows for the addresses in that range.

    Security Credentials

    When setting up security credentials, you can choose between Password or SSH as the credential type. For enhanced security, it is recommended to use SSH credentials, especially for admin users managing the SFTP workflow.

    Creating an Admin SFTP User with SSH Credentials

    1. Navigate to: Setup → Security Credentials, New.

    2. Complete the following fields:

      1. Identifier: Typically the same as the username.

      2. Type: Select SSH from dropdown.

      3. Username: Enter the username to be associated with this key.

        1. Username must not contain spaces.

        2. Note: Usernames are unique system-wide. If a username is taken, you will be notified.

      4. Generate and Add SSH Key Pair:

        1. Option 1: Generate Key Pair

          1. Click the Generate button to have ACE create the SSH key pair for you.

          2. Download the Private Key.

        2. Option 2: Use an External Tool:

          1. Generate the SSH keys using a tool like PuTTYgen (WinSCP).

          2. SSH Private and Public Keys: Paste the SSH keys into the appropriate fields.

      5. Description: Provide a brief description of the key.

    3. Click Save.

    4. Review Creating and Managing SSH (Secure Shell) Credentials for additional information.

    Image Displays Example Admin SFTP SSH Security Credentials

    Creating SFTP Users with Username and Password

    1. Navigate to Setup → Security Credentials, New.

    2. Complete the following fields:

      1. Identifier: Typically the same as the username.

      2. Type: Select Password from dropdown.

      3. Username: Enter the username to be associated with this credential.

        1. Username must not contain spaces.

        2. Usernames are unique system-wide. If a username is taken, a message will notify you.

      4. Passphrase: Enter a strong password.

      5. Description: Provide a brief description of the credential.

    3. Click Save.

    Image Displays Example Client SFTP User with Username and Password Credentials

    Creating SFTP Users

    1. Navigate to Setup → Users → SFTP Users, New.

    2. Complete the fields:

      1. Credentials: Select the SFTP username from the dropdown (usernames are imported automatically).

      2. Whitelist IP: Enter comma-separated IP addresses in CIDR notation.

        1. To whitelist a range of IP addresses, you can use CIDR notation (e.g., 192.168.1.0/24).

        2. CIDR notation allows you to specify a block of IP addresses. For example:

          1. 192.168.1.0/24 will whitelist all IP addresses from 192.168.1.0 to 192.168.1.255.

          2. 192.168.1.0/32 will whitelist only the specific IP address 192.168.1.0.

      3. Admin: When enabled, this will grant administrative rights to all SFTP user data.

      4. Contact Information: Optional but useful for SFTP issue resolution.

    3. Save the user.

    Image Displays Example SFTP User Configuration
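
A way to review a Whitelist IP value before saving it, as an added example (not part of ACE or the original article). The function names, the 256-address review threshold, and the sample addresses are assumptions made for illustration, and the private-range check assumes clients reach the SFTP server over the Internet.

```python
import ipaddress

# RFC 1918 private ranges, which do not appear as source addresses across the Internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_whitelist(field, max_addresses=256):
    """Parse a comma-separated CIDR list; return (networks, findings)."""
    networks, findings = [], []
    for raw in field.split(","):
        entry = raw.strip()
        if not entry:
            findings.append("empty entry (stray comma)")
            continue
        try:
            # strict=False accepts entries with host bits set so they can be reported.
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"{entry}: not a valid IP address or CIDR block")
            continue
        if "/" not in entry:
            findings.append(f"{entry}: no prefix length, write it as {net}")
        elif ipaddress.ip_interface(entry).ip != net.network_address:
            findings.append(f"{entry}: host bits set, the block is really {net}")
        if net.num_addresses > max_addresses:
            findings.append(f"{net}: covers {net.num_addresses} addresses")
        if net.version == 4 and any(net.subnet_of(r) for r in RFC1918):
            findings.append(f"{net}: private range, check the client's public egress IP")
        networks.append(net)
    return networks, findings

def is_allowed(client_ip, networks):
    """True if client_ip falls inside any whitelisted network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)

if __name__ == "__main__":
    # Constructed sample value for the "Whitelist IP" field (documentation ranges).
    sample = "203.0.113.10/32, 198.51.100.7/24, 192.168.1.0/24, 0.0.0.0/0, 10.1.2.300/32"
    nets, findings = audit_whitelist(sample)
    for finding in findings:
        print("REVIEW:", finding)
    # The single 0.0.0.0/0 entry makes every address match, including this one.
    print("203.0.113.11 allowed?", is_allowed("203.0.113.11", nets))
```
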

    Example of Connecting with WinSCP Client Host

    To connect to the ACE SFTP server from an SFTP client host using WinSCP:

    1. Open your SFTP client.

    2. Add a new session with the following details:

      1. File Protocol: SFTP

      2. Hostname: data.interprose.com

      3. Port Number: 22

      4. Username and Password: Enter the SFTP user credentials

    3. Connecting with SSH Credentials:

      1. Enter your username.

      2. Click Advanced.

      3. Click Advanced again to open the “Advanced Site Settings”.

      4. On the left side, navigate to SSH → Authentication.

      5. Under Authentication parameters, locate the Private key file field. (you may need to change the

      6. Click on the three dots (...) next to the field.

      7. Browse and select your saved private key file.

        1. An ACE-generated private key file may need to be converted once loaded. Follow the WinSCP prompts.

      8. Click OK to save the settings.

      9. Click Login.

    4. Connecting with Username/Password Credentials:

      1. Enter your username and password.

      2. Click Login.

    5. After successful authentication:

      1. You will gain access to your designated folder.

      2. Create necessary folders, such as incoming and outgoing, that may be referenced in jobs within ACE.

    Image Displays Advanced SSH Authentication Settings for Selecting the Private Key File

    SFTP Client Hosts

    Each client host may have different configurations than the example listed above. Ensure you check the documentation for your specific SFTP client host.

    Examples of Using SFTP in ACE Job Tasks

    It is recommended to use the Admin SFTP User account in ACE jobs for transferring documents to or from an SFTP User.

    In ACE, jobs can be configured with specific tasks to manage file transfers between ACE and an SFTP server. The example below uses the following tasks:

    • Document: Transfer From: Transfers files from a remote server to ACE.

    • Document: Transfer To: Transfers files from ACE to a remote server.

    Image Displays Example Admin SFTP User Job Tasks

    Additional Information

    • Unlimited storage is available.

    • Create SFTP accounts for QA and Production on the production server. To keep QA tests separate from production, use separate folders in your SFTP client for QA and production.

    • Deleting an SFTP user in ACE removes the user and the data.

    • The folder created in the Client Host will appear after the user logs in.

    Custom URL Configuration

    Customers can create a custom SFTP URL by adding a CNAME record in their DNS that points to s-083f2e5df2cf47ec9.server.transfer.us-west-2.amazonaws.com.

    For example: sftp.yourcompanyname.com.

