Create Secure Store Service Application in SharePoint Server using PowerShell

PowerShell Script to Create SharePoint 2013/2016 Secure store Service application:

The Secure Store Service was introduced to replace the SSO feature since SharePoint 2010. Secure Store Service is a shared service that provides storage and mapping of credentials such as account names and passwords. It solves the problem of having to sign in to many applications and entering different usernames and passwords. It enables you to securely store data that provides credentials required to connect to external systems and associate those credentials to a specific identity or group of identities. Creating a secure store service application through SharePoint Central administration site is explained here: Configure Secure Store Service Application in SharePoint 2016

Create Secure store Service application using PowerShell in SharePoint 2016:

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
#Configuration Parameters
$ServiceAppName = "Secure Store Service Application"
$ServiceAppProxyName = "Secure Store Service Application Proxy"
$AppPoolAccount = "Crescent\SP16-AppPool"
$AppPoolName = "Service Application App Pool"
$DatabaseServer ="SP16-SQL001"
$DatabaseName = "SP16_Service_SecureStore"

Try {
    #Set the Error Action
    $ErrorActionPreference = "Stop"
    #Check if Managed account is registered already
    Write-Host -ForegroundColor Yellow "Checking if the Managed Accounts already exists"
    $AppPoolAccount = Get-SPManagedAccount -Identity $AppPoolAccount -ErrorAction SilentlyContinue
    if($AppPoolAccount -eq $null)
        Write-Host "Please Enter the password for the Service Account..."
        $AppPoolCredentials = Get-Credential $AppPoolAccount
        $AppPoolAccount = New-SPManagedAccount -Credential $AppPoolCredentials
    #Check if the application pool exists already
    Write-Host -ForegroundColor Yellow "Checking if the Application Pool already exists"
    $AppPool = Get-SPServiceApplicationPool -Identity $AppPoolName -ErrorAction SilentlyContinue
    if ($AppPool -eq $null)
        Write-Host -ForegroundColor Green "Creating Application Pool..."
        $AppPool = New-SPServiceApplicationPool -Name $AppPoolName -Account $AppPoolAccount
    #Check if the Service application exists already
    Write-Host -ForegroundColor Yellow "Checking if Secure Store Service Application exists already"
    $ServiceApplication = Get-SPServiceApplication -Name $ServiceAppName -ErrorAction SilentlyContinue
    if ($ServiceApplication -eq $null)
        Write-Host -ForegroundColor Green "Creating Secure Store Service Application..."
        $ServiceApplication = New-SPSecureStoreServiceApplication -Name $ServiceAppName -ApplicationPool $AppPoolName -DatabaseName $DatabaseName -DatabaseServer $DatabaseServer -AuditingEnabled:$false
        $ServiceApplicationProxy = New-SPSecureStoreServiceApplicationProxy -Name $ServiceAppName" Proxy" -ServiceApplication $ServiceApplication -DefaultProxyGroup
    #Start service instance 
    $ServiceInstance = Get-SPServiceInstance | Where-Object { $_.TypeName -like "*Secure Store Service*" }

    #Check the Service status
    if ($ServiceInstance.Status -ne "Online")
        Write-Host -ForegroundColor Yellow "Starting the Secure Store Service Instance..."
        Start-SPServiceInstance $ServiceInstance
    Write-Host -ForegroundColor Green "Secure Store Service Application created successfully!"
catch {
    Write-Host $_.Exception.Message -ForegroundColor Red
 finally {
    #Reset the Error Action to Default
    $ErrorActionPreference = "Continue"

Create Master Key for Secure Store Service using PowerShell:

#Config parameters
$Passphrase = "Password1"
$ServiceAppProxyName="Secure Store Service Application Proxy"

#Get the Service App Proxy
$ServiceAppProxy = Get-SPServiceApplicationProxy | where { $_.Name -eq $ServiceAppProxyName}

#Create Master key
Update-SPSecureStoreMasterKey -ServiceApplicationProxy $ServiceAppProxy -Passphrase $Passphrase

Don’t forget to change the values in the #Configuration Parameters section!

Salaudeen Rajack

Salaudeen Rajack - SharePoint Expert with Two decades of SharePoint Experience. Love to Share my knowledge and experience with the SharePoint community, through real-time articles!

One thought on “Create Secure Store Service Application in SharePoint Server using PowerShell

  • Salaudeen —

    I keep getting this error when I try to create the key:

    Update-SPSecureStoreMasterKey : There are no addresses available for this application.

    Any ideas?


Leave a Reply

Your email address will not be published. Required fields are marked *