SFTP, or Secure File Transfer Protocol, is a secure way to move files between computer systems over the internet. In Slate, SFTP is most often used when another system needs to deliver a file for Slate to import, or when Slate needs to create a file that another system can retrieve.
Think of SFTP as a secure file handoff location. One system places a file in a folder, and another system retrieves or processes that file later. The file handoff can happen automatically, which makes SFTP useful for recurring data processes such as general ledger feeds, student information system updates, test score files, document deliveries, and scheduled exports.
Understanding the basics
SFTP workflows use a few terms that appear throughout Slate import and export documentation:
SFTP server: The secure file transfer location where files are placed, stored temporarily, and retrieved. Each Slate instance has an attached SFTP server.
SFTP client: The tool used to connect to an SFTP server. This might be Slate SFTP Explorer, a third-party tool such as WinSCP or FileZilla, or an external system that connects automatically.
Folder or path: The location of a file on the SFTP server. In Slate documentation, paths often begin with a forward slash, such as
/incoming/vendor_name/or/outgoing/vendor_name/.File name or mask: The name, pattern, or wildcard that tells Slate which files to find. For example, an import path/mask can tell Slate to pick up files that match a particular naming pattern.
Service account: A Slate user account created for an integration or external system, rather than for a person signing in to Slate.
Path restriction: A setting that limits an account to specific folders on the SFTP server.
Using SFTP with Slate imports
For imports into Slate, another system usually places a file in the /incoming/ folder on the Technolutions SFTP server. A source format then tells Slate which files to pick up and how to process them.
Adding an import path/mask tells Slate which folder and file name pattern belong to that source format. When Slate finds a matching file, Slate processes the file as if someone uploaded it through Upload Dataset. The file uses the same import scripts and remap process as a manually uploaded file.
Technolutions SFTP servers are polled approximately every 10 minutes.
📖 Scheduling Imports from SFTP
Using SFTP with Slate exports
For exports from Slate, scheduled queries can create files and send them to an SFTP endpoint. The recommended destination is usually the Technolutions SFTP server. Files sent to the Technolutions SFTP server are placed in the /outgoing/ directory, and the export path controls the file name and optional subfolder.
Remote SFTP export is supported, but it is generally discouraged because the export can fail if the remote server is unavailable. Use the Technolutions SFTP server when possible for higher availability and for files that can be downloaded after delivery.
📖 Sending Scheduled Exports to a Remote SFTP Server
Using SFTP Explorer
SFTP Explorer is the browser-based Slate tool for working with the SFTP server attached to your Slate instance. Users who have the SFTP Access role enabled can use SFTP Explorer to create folders, rename folders, upload files, download files, and delete files.
By default, a Slate SFTP server contains two folders:
incoming: Stores files that external systems or users place on the SFTP server for Slate to import.
outgoing: Stores files that Slate creates through scheduled exports.
SFTP Explorer is also path-restriction aware. If a user or service account is restricted to specific paths, that restriction limits what the account can access in SFTP Explorer and through external SFTP clients.
Folder access
Use separate service accounts and path restrictions when an external system or vendor needs SFTP access. Separate accounts make it easier to disable one integration without affecting others, and path restrictions limit each account to the folders it needs.
When planning access, confirm:
Who connects: Identify whether a person, vendor, SIS, or other external system connects to the SFTP server.
Where files go: Decide which
/incoming/or/outgoing/folder the process uses.Which account connects: Use a dedicated service account for integrations when possible.
Which paths are allowed: Restrict access to only the folders required for the process.
Which networks are allowed: Add the public-facing IP addresses or CIDR ranges that should be allowed to connect.
📖 Provisioning SFTP User Access
SFTP in test environments
Test environments do not have a separate SFTP server that users connect to directly. To test SFTP imports and exports in a test environment, connect to the production SFTP server and use the /test folder. The folders under /test should mirror the folders used by the production process.
For example, if production files are delivered to /incoming/commonapp/, test files should be delivered to /test/incoming/commonapp/.
File storage and retention
The Slate SFTP server is intended for file delivery. It is not for permanent file storage: files older than 30 days may be removed from SFTP servers at any time. Use SFTP as a transfer location, and keep permanent copies of important files in the system of record for the process.
📖 SFTP Technical Details for Network Administrators
Troubleshooting basics
If an SFTP process is not working, start with the connection, path, and file pattern.
Connection: Confirm the hostname, username, authentication method, allowed networks, and firewall settings.
Path: Confirm that the folder exists and that the account has access to the path. Path restrictions must include a trailing
/when granting folder access.File name: Confirm that the file name matches the import path/mask or export path expected by the process.
Environment: Confirm whether the process is being tested in production or in a test environment that uses the
/testfolder.
Use SFTP Connection Validation to test password-based SFTP connection settings. The tool does not validate certificate authentication.