ACE SFTP User Management

ACE offers a secure file transfer protocol (SFTP) service, accessible via data.interprose.com. When you need to provide your clients, users, and vendors with access to an ACE SFTP to share data, files, and reports, you can configure and provide individual SFTP access at the user level.

An ACE SFTP user is billed at the same rate as an ACE user. For pricing details, please contact Sales at Sales@interprose.com.

Note

SFTP users are independent and do not need to be linked to ACE users. However, you can create SFTP accounts for both ACE users and non-ACE users.

What is SFTP?

SFTP (Secure File Transfer Protocol) is a network protocol that provides secure file access, transfer, and management over a reliable data stream. Unlike FTP, SFTP encrypts both commands and data, ensuring that sensitive information, such as usernames, passwords, and file contents, is protected during transmission.

ACE SFTP Setup Steps

1. Create Security Credentials: Set up security credentials for each SFTP user. For enhanced security, use SSH keys instead of passwords.

2. Add SFTP Users: Create SFTP users with appropriate access and credentials.

3. Connect with an SFTP Client Host: Users will need to select an SFTP client, such as WinSCP or FileZilla.

4. Connecting Jobs with SFTP Users: Use an Admin SFTP User in ACE jobs to transfer documents to or from an SFTP User.

Key Terms

Security Credentials

When setting up security credentials, you can choose between Password or SSH as the credential type. For enhanced security, it is recommended to use SSH credentials, especially for admin users managing the SFTP workflow.

Creating an Admin SFTP User with SSH Credentials

1. Navigate to: Setup → Security Credentials, New.

2. Complete the following fields:

   1. Identifier: Typically the same as the username.

   2. Type: Select SSH from dropdown.

   3. Username: Enter the username to be associated with this key.

      1. Username must not contain spaces.

      2. Note: Usernames are unique system-wide. If a username is taken, you will be notified.

   4. Generate and Add SSH Key Pair:

      1. Option 1: Generate Key Pair

         1. Click the Generate button to have ACE create the SSH key pair for you.

         2. Download the Private Key.

      2. Option 2: Use an External Tool:

         1. Generate the SSH keys using a tool like PuTTYgen (WinSCP)

         2. SSH Private and Public Keys: Paste the SSH keys into the appropriate fields.

   5. Description: Provide a brief description of the key.

3. Click Save.

4. Review Creating and Managing SSH (Secure Shell) Credentials for additional information.

Creating SFTP Users with Username and Password

1. Navigate to Setup → Security Credentials, New.

2. Complete the following fields:

   1. Identifier: Typically the same as the username.

   2. Type: Select Password from dropdown.

   3. Username: Enter the username to be associated with this key.

      1. Username must not contain spaces.

      2. Usernames are unique system-wide. If a username is taken, a message will notify you.

   4. Passphrase: Enter a strong password.

   5. Description: Provide a brief description of the key.

3. Click Save.

Creating SFTP Users

1. Navigate to Setup → Users → SFTP Users, New.

2. Complete the fields:

   1. Credentials: Select the SFTP username from the dropdown (usernames are imported automatically).

   2. Whitelist IP: Enter comma-separated IP addresses in CIDR notation.

      1. To whitelist a range of IP addresses, you can use CIDR notation (e.g., 192.168.1.0/24).

      2. CIDR notation allows you to specify a block of IP addresses. For example:

         1. 192.168.1.0/24 will whitelist all IP addresses from 192.168.1.0 to 192.168.1.255.

         2. 192.168.1.0/32 will whitelist only the specific IP address 192.168.1.0.

   3. Admin: When enabled, this will grant administrative rights to all SFTP user data.

   4. Contact Information: Optional but useful for SFTP issue resolution.

3. Save the user.

Example of Connecting with WinSCP Client Host

To connect to the ACE SFTP server using an SFTP client host using WinSCP:

1. Open your SFTP client.

2. Add a new session with the following details:

   1. File Protocol: SFTP

   2. Hostname: data.interprose.com

   3. Port Number: 22

   4. Username and Password: Enter the SFTP user credentials

3. Connecting with SSH Credentials:

   1. Enter your username.

   2. Click Advanced.

   3. Click Advanced again to open the “Advanced Site Settings”.

   4. On the left side, navigate to SSH → Authentication.

   5. Under Authentication parameters, locate the Private key file field. (you may need to change the

   6. Click on the three dots (...) next to the field.

   7. Browse and select your saved private key file.

      1. ACE generated private key file may need to be converted once loaded. Follow the WinSCP prompts.

   8. Click OK to save the settings.

   9. Click Login.

4. Connecting with Username/Password Credentials:

   1. Enter your username and password.

   2. Click Login.

5. After successful authentication:

   1. You will gain access to your designated folder.

   2. Create necessary folders, such as incoming and outgoing, that may be referenced in jobs within ACE.

SFTP Client Hosts

Each client host may have different configurations than the example listed above. Ensure you check the documentation for your specific SFTP client host.

Examples of Using SFTP in ACE Job Tasks

It is recommended to use the Admin SFTP User account in ACE jobs for transferring documents to or from an SFTP User.

In ACE, jobs can be configured with specific tasks to manage file transfers between ACE and an SFTP server. The example below uses the following tasks:

• Document: Transfer From: Transfers files from a remote server to ACE.

• Document: Transfer To: Transfers files from ACE to a remote server

Additional Information

• Unlimited storage is available.

• Create SFTP accounts for QA and Production on the production server. To distinguish between QA tests, use separate folders in your SFTP client for QA and production.

• Deleting an SFTP user in ACE removes the user and the data.

• The folder created in the Client Host will appear after the user logs in.

Custom URL Configuration

Customers can create a custom SFTP URL by adding a CNAME record in their DNS that points to  s-5ae6be594f2f48b5b.server.transfer.us-west-2.amazonaws.com .

For example: sftp.yourcompanyname.com.

Troubleshooting Guide for SFTP User Access Issues

If you are experiencing issues accessing your SFTP account, particularly after a recent IP change or when creating new user credentials, follow these troubleshooting steps:

1. Verify IP Whitelisting

• Find Your IP Address: To ensure the correct IP is whitelisted, you can find your current IP address by visiting a website like WhatIsMyIP.com or by searching "What is my IP" in a search engine. Make sure to select the IPv4 version.

• Ensure that the new IP address from your internet provider is correctly whitelisted. If the IP is not whitelisted, you may encounter a timeout error.

• When entering IP addresses, use CIDR (Classless Inter-Domain Routing) notation:

  • /32 (Single IP Address): Specifies a single IP address (e.g., 192.168.1.0/32 refers only to that specific IP).

  • /24 (Range of IP Addresses): Specifies a range of IP addresses (e.g., 192.168.1.0/24 includes all addresses from 192.168.1.0 to 192.168.1.255).

2. Check Username and Password

• Confirm that the username and password are entered correctly. Usernames are case-sensitive and should not contain spaces.

3. Use the Correct Connection Settings

• Verify that you are connecting to the correct server and port:

  • Host: data.interprose.com

  • Port: 22

• Ensure that you are using SFTP (not FTP or FTPs) for your connection.

4. Test with Different Clients

• If you are having problems with one client (e.g., FileZilla), try another client like WinSCP to see if the issue persists.

• Check for specific settings in the client that may affect the connection, such as encryption methods or timeouts.

5. Review Documentation

• Review this document for any configuration requirements or updates that may have been overlooked.

6. Save Client Host Profile

• After making changes to your connection profile in your SFTP client (such as FileZilla or WinSCP), ensure you save the profile before attempting to connect again. This is crucial for applying any modifications you made to the server settings and credentials.

7. Contact Support for Persistent Issues

• If the issue persists after trying all the above steps, contact your technical support team for further assistance. Provide them with:

  • The exact error messages received, including screenshots.

  • A detailed description of the steps you've taken.

  • Information about your current IP address and any changes made to the account.