Overview
The SFTP integration lets your HR or IT system send employee data to Figures by uploading a flat file (CSV, JSON or XLSX) to a dedicated SFTP server. The integration runs through our partner Kombo, which hosts the SFTP server, decrypts the file (if PGP is used), parses it, and exposes the normalised data to Figures.
Figures then pulls the data on a daily basis — or on demand — and updates employees, salaries, additional fields and custom compensation items accordingly. No data is ever written back to your HR system. The flow is strictly inbound: your system → Kombo SFTP → Figures.
Architecture
Your system generates a flat file from your HRIS / data warehouse and uploads it to a dedicated SFTP endpoint provisioned by Kombo for your tenant.
Kombo authenticates the upload, decrypts the file if PGP is enabled, parses it according to the column mapping agreed during setup, and stores the normalised employees.
Kombo notifies Figures through a signed webhook that a new sync is ready.
Figures pulls the active employee list from Kombo's API over HTTPS, applies the mapping for additional fields and custom remuneration items, and updates the company database.
Security
Authentication to the SFTP server
Two authentication methods are supported. The customer chooses one when the integration is set up.
Method | Description | Recommended |
SSH public key | The customer generates an SSH key pair on their side and shares only the public key with Kombo. The private key never leaves the customer's infrastructure. | ✅ Yes |
Username + password | Kombo auto-generates the username; a strong password (40+ characters) is generated and shared with the customer through a secure channel. | Acceptable when SSH is not available |
Note on credential exchange: Figures sets up the integration in Kombo on behalf of the customer. The customer provides the SSH public key (or receives the password through a secure channel) and never logs into Kombo directly.
File encryption
PGP encryption of the uploaded file is supported and strongly recommended for sensitive workforce data.
Option | Description |
No encryption | File is uploaded as-is over the encrypted SFTP channel only. |
PGP RSA 2048 | File is PGP-encrypted before upload. Adds an application-layer encryption on top of SFTP. |
PGP RSA 4096 | Same as above, with a larger key. Recommended for the highest sensitivity. |
When PGP is enabled, Kombo generates the key pair. The private key stays on Kombo's side and is never shared. The public key is sent to the customer, who configures their HRIS / export tool to encrypt every file with that key before uploading.
Data in transit
Customer → Kombo SFTP: SSH-encrypted SFTP channel, optionally with an additional PGP layer at the application level.
Kombo → Figures: HTTPS only (TLS) over the public internet. Authentication uses a Bearer API key plus a per-tenant integration ID.
Figures → Kombo (manual force-sync): same authenticated HTTPS channel.
Data at rest
Kombo retains the parsed, normalised data only as long as needed to serve subsequent syncs. Original uploaded files are processed and not exposed back to Figures.
Figures stores employee data in a multi-tenant PostgreSQL database hosted on AWS in the EU (eu-central-1, Frankfurt). Per-tenant integration credentials are encrypted at rest.
Network controls
The Kombo SFTP server is reachable over the public internet on the standard SFTP port (22). The customer can restrict outbound traffic from their HRIS to Kombo's published IP range if needed.
Figures is hosted in AWS EKS in the EU and uses a fixed egress for outbound calls to Kombo's API.
Direction of data flow
The integration is strictly inbound to Figures. Figures never writes data back to the customer's HRIS, and Kombo's role is limited to receiving and parsing the file. The customer fully controls which fields are included in the export.
File specifications
Supported formats
.csv, .json, .xlsx
CSV is the most common choice. UTF-8 encoding is expected.
File naming
The file name must remain identical across uploads (e.g. employees.csv). The extension must match the file format. Do not include any variable information such as a date or a timestamp in the file name — Kombo identifies the latest version by file name.
Upload semantics
Each new upload replaces the previous one and becomes the source of truth. The file is a full snapshot of the active workforce at the time of export, not a delta. After each successful sync, the state of the workforce in Figures mirrors the content of the latest file. Employees that disappear between two uploads are treated as no longer active.
Standard columns
Kombo defines a set of standard column names. If your file uses these names, mapping is automatic — there is nothing to configure on either side. If you prefer your own naming convention, the Figures team configures the mapping once in Kombo at setup time, and every subsequent file is parsed automatically.
Column | Required | Description |
| ✅ | Unique, stable identifier of the employee in your source system. Used as the external ID. |
| ✅ | Must resolve to |
| ✅ | Hire date — ISO 8601 ( |
| ✅ | Numeric base pay amount |
| ✅ | One of |
| Optional | First name |
| Optional | Last name |
| Optional | Fallback for first / last name |
| Optional | Professional email |
| Optional |
|
| Optional |
|
| Optional | ISO 4217 3-letter code (EUR, USD, GBP…). Falls back to the company default currency if absent. |
| Optional | Job title |
| Optional | employee_number of the manager (must match another row in the same file) |
| Optional |
|
| Optional | ISO 8601 ( |
| Optional | ISO 8601. A past date excludes the employee from the sync. |
| Optional | Contract type (e.g. permanent, fixed-term, intern) |
| Optional | Numeric — used to derive FTE |
| Optional |
|
Anonymised employees. Customers who do not want to share personal data with Figures can omit first_name, last_name, display_full_name, work_email, personal_email, mobile_phone_number, gender, date_of_birth and nationality. The integration syncs the employee record on the strength of employee_number alone and the platform remains fully functional for benchmarking, salary bands and pay equity (the latter requires gender to produce gender-related insights).
Custom fields — bonuses, additional fields, business attributes
Anything outside the standard columns above is supported through two mechanisms agreed at setup time:
Custom compensation items — variable bonuses, fixed bonuses, commissions, allowances and any other monetary item. Each one is mapped in Figures to a Figures "remuneration nature".
Additional fields — any non-monetary attribute relevant to your organisation (e.g. business unit / department, seniority level, location, cost centre, internal grade label). These are exposed as filters and dimensions across the Figures platform.
There is no hard-coded limit on how many bonus components or additional fields can be added — the list is agreed once and configured at setup.
Sync schedule
Automatic sync
The customer's HRIS or export tool uploads the file on a recurring schedule of its choice — most commonly daily, but weekly or hourly are supported. The cadence is agreed between Figures and the customer at setup time and configured in the customer's HRIS scheduler.
Figures pulls the data shortly after Kombo confirms a successful upload. End-to-end latency from file drop to data updated in Figures is typically a few minutes.
Manual sync
Figures' Customer Success team can trigger a manual re-sync at any time on the customer's request — for instance after a correction or an off-cycle compensation change. The trigger is internal to Figures; no action is required from the customer's IT.
Field mapping
The mapping is split between two places:
Where | What is mapped |
In Kombo (one-time, at setup) | Standard fields: employee ID, first name, last name, hire date, employment status, base pay, currency, location, job title, manager, etc. |
In Figures (one-time, at setup) | Additional fields and custom remuneration items: bonus components, allowances, internal grade labels, cost centres, etc. |
First-file mapping
The very first file uploaded does not sync automatically. Kombo runs a one-time column-mapping and quality-assurance step against the file. Once that step is complete (typically within one business day), all subsequent uploads sync automatically without any manual step.
Error handling and monitoring
Monitoring
Failed uploads (authentication error, malformed file, parse error) trigger a Slack notification to the Figures team. Successful uploads are silent.
Each Figures sync produces a sync record with: total employee count, successfully processed count, failed employee numbers, and per-step durations.
The Figures Customer Success team reviews failure notifications and follows up with the customer to share the error details and resolution path.
Common rejection reasons
Cause | Resolution |
SSH public key rejected | Public key must start with |
PEM certificate rejected | Must start with |
File not received | Verify host, port (22) and directory ( |
File name mismatch | Filename must match exactly across uploads (e.g. |
Missing required field | Employee is skipped; reported in the sync's failed-employee list. |
Unsupported pay period | Currently supported: |
Setup process
The Figures Customer Success team configures the integration end-to-end on behalf of the customer. The customer's involvement is limited to:
Agreeing on the scope — list of fields to share, additional fields, custom compensation items, sync cadence.
Choosing security options — authentication method (SSH key vs username/password), encryption (none / PGP 2048 / PGP 4096).
Providing the SSH public key if the SSH method is chosen.
Configuring the export and the scheduler in their HRIS or data warehouse, using the connection details (host, port, directory, username, optional PGP public key) provided by Figures.
Validating the first file with the Figures CSM team before automatic sync is enabled.
Important notes
Figures never pushes data back to your HRIS.
You control which fields are exported. The integration only sees what your file contains.
Source of truth — the SFTP file is the source of truth for employee data while the integration is active. Manual changes to the same fields inside Figures will be overwritten on the next sync.
Hosting — all Figures data is hosted in the EU (eu-central-1, Frankfurt) on AWS.