Secure Store Service Application in SharePoint
Secure Store Service enables you to securely store the credentials required to connect to external systems and to associate those credentials with a specific identity or group of identities. It solves the problem of signing in to many applications and entering a different username and password for each. It is managed through SharePoint Central Administration and keeps the stored credentials in secured storage. Secure Store Service was introduced as a replacement for Single Sign-On in MOSS 2007.
Purpose of secure store service in SharePoint 2013
The primary purpose of Secure Store Service is to maintain credentials for target applications on external systems. When we connect to external data sources, we need to pass user credentials such as a user name and password. We can handle these scenarios by configuring an unattended service account for external data access.
For example, when you want to use external data in SharePoint, such as data from your other business applications, you can use Business Connectivity Services (BCS) together with Secure Store Service. You can manage both BCS and Secure Store from the SharePoint Central Administration site. The external data source you connect to is a Secure Store Target Application. BCS makes it possible for you to set up a connection to the Target Application, and the Secure Store enables you to manage the credentials required by the external data source.
The following built-in SharePoint services are supported through Secure Store Service:
- Excel Services
- Visio Services
- Business Connectivity Services
- PowerPivot for SharePoint
- PerformancePoint Service
How to Create Secure Store Service Application in SharePoint 2016?
Let's see how to configure a Secure Store Service application in SharePoint 2016, step by step.
- Go to SharePoint 2013 Central Administration >> Manage Service Applications
- In the Service Applications ribbon, click the New button and then select Secure Store Service
- Enter a name for the Secure Store Service application, along with the database server and database name
- Scroll down and either choose an existing application pool or create a new application pool using the managed account. To run the application pool, you need a domain account. No specific permissions are required for this account. Click OK to create a secure store service.
- Wait for the secure store service application created message.
Generate a new key in Secure Store Service:
Secure Store Service requires a key, generated from a passphrase, to encrypt and decrypt credentials. The first time you access the Secure Store Service, it will ask you to generate a new encryption key. Before using the Secure Store Service to create target applications, you must provide a passphrase.
- Go to Central Administration site >> Application Management
- On the Service Applications page, pick your newly created Secure Store Service application.
- Click on Generate New Key from the ribbon
- Enter the passphrase and click on OK to complete secure store service configuration. Remember it or save it in a safe place to have access to it when you need it.
The error message previously displayed on the Secure Store page is now gone, and the page should read something like "there is no Secure Store Target Application".
Start the Secure Store Service Instance on the application server(s)
The next step is to start the Secure Store Service on the server if it is not started already.
- Go to Central Administration >> System Settings >> Manage service on server (Under Servers).
- Select the application server >> Locate the Secure Store Service, then click Start next to it.
The next step is to create a Target Application, which I’ll explain in another article.
To create a secure store service application using PowerShell, use: How to Create a Secure Store Service Application using PowerShell?
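The three Central Administration procedures above (create the service application, generate the key, start the service instance) can also be scripted from the SharePoint Management Shell. The script below is an added example, not code from this article or from Microsoft; the server, database, application pool and account names are placeholder assumptions. It starts the service instance first so the key cmdlet has a running service to call, and it prompts for the passphrase instead of storing it in the script.

```powershell
# Added example. Every name below is a placeholder (assumption); replace with your own values.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$appName   = 'Secure Store Service'   # service application name
$dbServer  = 'SQL01'                  # placeholder database server
$dbName    = 'SecureStore_DB'         # placeholder database name
$poolName  = 'SecureStorePool'        # placeholder application pool name
$poolAcct  = 'CONTOSO\svc-sss'        # placeholder domain account, already registered as a managed account
$appServer = $env:COMPUTERNAME        # application server that will run the service instance

# Start the Secure Store Service instance (the "Manage service on server" step).
$instance = Get-SPServiceInstance -Server $appServer |
    Where-Object { $_.TypeName -eq 'Secure Store Service' }
if (-not $instance) { throw "No Secure Store Service instance found on $appServer" }
if ($instance.Status -ne 'Online') {
    Start-SPServiceInstance -Identity $instance | Out-Null
    # Provisioning is asynchronous, so wait until the instance reports Online.
    while ((Get-SPServiceInstance -Identity $instance.Id).Status -ne 'Online') {
        Start-Sleep -Seconds 5
    }
}

# Reuse the application pool if it exists, otherwise create it with the managed account.
$pool = Get-SPServiceApplicationPool -Identity $poolName -ErrorAction SilentlyContinue
if (-not $pool) {
    $pool = New-SPServiceApplicationPool -Name $poolName -Account (Get-SPManagedAccount $poolAcct)
}

# Create the service application (with auditing enabled) and its proxy.
$app = New-SPSecureStoreServiceApplication -Name $appName -ApplicationPool $pool `
    -DatabaseServer $dbServer -DatabaseName $dbName -AuditingEnabled:$true
$proxy = New-SPSecureStoreServiceApplicationProxy -Name "$appName Proxy" `
    -ServiceApplication $app -DefaultProxyGroup

# Generate the key (the "Generate New Key" step). The passphrase is typed at a
# masked prompt so it never lands in the script file or the console history.
$secure = Read-Host -Prompt 'Secure Store passphrase' -AsSecureString
# The cmdlet takes a plain string, so convert only for the duration of the call.
$plain = (New-Object System.Net.NetworkCredential('', $secure)).Password
try {
    Update-SPSecureStoreMasterKey -ServiceApplicationProxy $proxy -Passphrase $plain
}
finally {
    Remove-Variable -Name plain   # drop the plaintext copy as soon as the call returns
}
```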