SharePoint Secure Store Service
Quoting MSDN, the definition of SharePoint Secure Store Service is:
"Secure Store Service is a shared service that provides storage and mapping of credentials such as account names and passwords. It enables you to securely store data that provides credentials required for connecting to external systems and associating those credentials to a specific identity or group of identities. It is very common for solutions to try to authenticate to an external system in which the current user is known differently or has a different account for authentication. In such cases, Secure Store Service can be used to store and map user credentials required by the external system. You can configure Secure Store Service so that multiple users can access an external system by using a single set of credentials on that external system."
How to create Secure Store target application in SharePoint Online
In this article we will see how to create the Secure Store target application in SharePoint Online so that it can be used by Business Connectivity Services to connect to an external Data Source like Azure SQL DB. This article is part of Integrating Azure SQL DB with SharePoint Online using Business Connectivity Services. You can find the setting up of Azure SQL DB from here.
In order to get started with Secure Store target application creation, head over to SharePoint Admin Center. From Secure Store, Select ‘New’.
![]()
This will open up the page where we can specify the Target Application ID and the type of credentials that will be stored in the secure store.
![]()
Target Application ID would be the unique ID against which the Secure Store credentials will be mapped. While creating Business Connectivity Services External Content Type from SharePoint Designer, we will be using this ID as shown below:
![]()
In the next page, specify the Target application administrators who can modify the target application settings.
![]()
Upon clicking on OK, it will create the Secure Store Target Application.
![]()
Once the target application has been created, we have to set the credentials that will be used by this target application. On clicking the target application, select ‘Set Credentials’ option.
![]()
Specify the user name and password that will be used to connect to the external content source.
![]()
Here we are storing the credentials of the Azure SQL DB Administrator so that we can use these credentials from SharePoint Online to connect to Azure SQL DB. However make sure that the username is stored in the format ‘UserName@AzureSQLDBServer’. The Azure SQL DB Server name can be found in the Azure dashboard of the SQL DB as shown below.
![]()
Once the user name is set, it will be encrypted using a passphrase and stored in the SharePoint Online Content Database. If we want to change the credentials we will have to go to ‘Set Credentials’ page once again and assign the credentials. Once we are done with the usage, we can also delete the Target Application from the secure store by choosing the Delete option from the drop down as shown below.
![]()
In the upcoming article we will see how to use these Secure Store credentials to connect from SharePoint Online to Azure SQL Database.
Summary
Thus we saw how to set up a target application in Secure Store to save credentials of external content sources so that it can be used for connecting to external lines of business from SharePoint Online.