Create Secure Store Service Application in SharePoint Server using PowerShell

PowerShell Script to Create SharePoint 2013/2016 Secure Store Service Application:

The Secure Store Service has replaced the single sign-on (SSO) feature since SharePoint 2010. It is a shared service that stores credentials, such as account names and passwords, and maps them to identities. This solves the problem of having to sign in to many applications with different usernames and passwords: you securely store the credentials required to connect to external systems and associate them with a specific identity or group of identities. Creating a Secure Store Service application through the SharePoint Central Administration site is explained here: Configure Secure Store Service Application in SharePoint 2016

Create Secure Store Service Application using PowerShell in SharePoint 2016:

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
 
#Configuration Parameters
$ServiceAppName = "Secure Store Service Application"
$ServiceAppProxyName = "Secure Store Service Application Proxy"
$AppPoolAccount = "Crescent\SP16-AppPool"
$AppPoolName = "Service Application App Pool"
$DatabaseServer ="SP16-SQL001"
$DatabaseName = "SP16_Service_SecureStore"

Try {
    #Set the Error Action
    $ErrorActionPreference = "Stop"
 
    #Check if Managed account is registered already
    #Keep the account name in $AppPoolAccount and hold the managed account object separately
    Write-Host -ForegroundColor Yellow "Checking if the Managed Account already exists"
    $ManagedAccount = Get-SPManagedAccount -Identity $AppPoolAccount -ErrorAction SilentlyContinue
    if ($ManagedAccount -eq $null)
    {
        Write-Host "Please Enter the password for the Service Account..."
        $AppPoolCredentials = Get-Credential $AppPoolAccount
        $ManagedAccount = New-SPManagedAccount -Credential $AppPoolCredentials
    }
 
    #Check if the application pool exists already
    Write-Host -ForegroundColor Yellow "Checking if the Application Pool already exists"
    $AppPool = Get-SPServiceApplicationPool -Identity $AppPoolName -ErrorAction SilentlyContinue
    if ($AppPool -eq $null)
    {
        Write-Host -ForegroundColor Green "Creating Application Pool..."
        $AppPool = New-SPServiceApplicationPool -Name $AppPoolName -Account $ManagedAccount
    }
 
    #Check if the Service application exists already
    Write-Host -ForegroundColor Yellow "Checking if Secure Store Service Application exists already"
    $ServiceApplication = Get-SPServiceApplication -Name $ServiceAppName -ErrorAction SilentlyContinue
    if ($ServiceApplication -eq $null)
    {
        Write-Host -ForegroundColor Green "Creating Secure Store Service Application..."
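        #Auditing is switched off here; use -AuditingEnabled:$true to keep a Secure Store audit log
        $ServiceApplication = New-SPSecureStoreServiceApplication -Name $ServiceAppName -ApplicationPool $AppPoolName -DatabaseName $DatabaseName -DatabaseServer $DatabaseServer -AuditingEnabled:$false
        #Name the proxy from the configuration parameters so the master key script can find it
        $ServiceApplicationProxy = New-SPSecureStoreServiceApplicationProxy -Name $ServiceAppProxyName -ServiceApplication $ServiceApplication -DefaultProxyGroup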
    }
 
    #Start service instance 
    $ServiceInstance = Get-SPServiceInstance | Where-Object { $_.TypeName -like "*Secure Store Service*" }

    #Check the Service status
    if ($ServiceInstance.Status -ne "Online")
    {
        Write-Host -ForegroundColor Yellow "Starting the Secure Store Service Instance..."
        Start-SPServiceInstance $ServiceInstance
    }
 
    Write-Host -ForegroundColor Green "Secure Store Service Application created successfully!"
}
catch {
    Write-Host $_.Exception.Message -ForegroundColor Red
}
finally {
    #Reset the Error Action to Default
    $ErrorActionPreference = "Continue"
}

Create Master Key for Secure Store Service using PowerShell:

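Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

#Config parameters
#Sample passphrase only: replace it with your own and do not keep the real value in a saved script
$Passphrase = "Password1"
$ServiceAppProxyName="Secure Store Service Application Proxy"

#Get the Service App Proxy
$ServiceAppProxy = Get-SPServiceApplicationProxy | Where-Object { $_.Name -eq $ServiceAppProxyName}

#Create Master key
Update-SPSecureStoreMasterKey -ServiceApplicationProxy $ServiceAppProxy -Passphrase $Passphrase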

Don’t forget to change the values in the #Configuration Parameters section!
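
An added example (not the author's script) of the master key step without a passphrase saved in the script file: it confirms a Secure Store service instance is Online, prompts for the passphrase twice, and checks it against the Secure Store complexity rule (at least eight characters and three of the four character classes) before calling Update-SPSecureStoreMasterKey. The helper name Test-PassphraseComplexity is an assumption of this example; the proxy name is the one used in the scripts above.

```powershell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$ErrorActionPreference = "Stop"

# Same proxy name as in the scripts above
$ServiceAppProxyName = "Secure Store Service Application Proxy"

# Hypothetical helper: at least 8 characters and 3 of the 4 character classes
function Test-PassphraseComplexity {
    param([string]$Value)
    $Classes = 0
    if ($Value -cmatch '[A-Z]') { $Classes++ }
    if ($Value -cmatch '[a-z]') { $Classes++ }
    if ($Value -cmatch '[0-9]') { $Classes++ }
    if ($Value -cmatch '[!-/:-@\[-`{-~]') { $Classes++ }   # ASCII punctuation
    return ($Value.Length -ge 8 -and $Classes -ge 3)
}

# Confirm a Secure Store service instance is Online before generating the key
$Online = Get-SPServiceInstance | Where-Object {
    $_.TypeName -like "*Secure Store Service*" -and $_.Status -eq "Online"
}
if (-not $Online) { throw "No Secure Store service instance is Online in this farm." }

$ServiceAppProxy = Get-SPServiceApplicationProxy | Where-Object { $_.Name -eq $ServiceAppProxyName }
if (-not $ServiceAppProxy) { throw "Service application proxy '$ServiceAppProxyName' was not found." }

# Prompt twice so a typo does not become the farm's passphrase
$First  = Read-Host -Prompt "Secure Store passphrase" -AsSecureString
$Second = Read-Host -Prompt "Confirm passphrase" -AsSecureString
$Plain   = (New-Object System.Net.NetworkCredential("", $First)).Password
$Confirm = (New-Object System.Net.NetworkCredential("", $Second)).Password

try {
    if ($Plain -cne $Confirm) { throw "The two passphrases do not match." }
    if (-not (Test-PassphraseComplexity -Value $Plain)) {
        throw "Passphrase needs 8+ characters and three of: upper, lower, digit, special."
    }
    # -Passphrase takes a plain string, so it is decoded only for this call
    Update-SPSecureStoreMasterKey -ServiceApplicationProxy $ServiceAppProxy -Passphrase $Plain
    Write-Host -ForegroundColor Green "Master key generated. Record the passphrase in your password vault."
}
finally {
    # Drop the plaintext copies from the session
    Remove-Variable -Name Plain, Confirm -ErrorAction SilentlyContinue
}
```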

Salaudeen Rajack


One thought on “Create Secure Store Service Application in SharePoint Server using PowerShell”

  • Salaudeen —

    I keep getting this error when I try to create the key:

    Update-SPSecureStoreMasterKey : There are no addresses available for this application.

    Any ideas?
