How to Configure Secure Store in SharePoint 2013

Secure Store runs as a service application in SharePoint Server 2013. The service application relies on the Secure Store Service, which must be running on at least one application server in the farm. The process of configuring Secure Store in SharePoint Server 2013 is similar to the process used for Microsoft SharePoint Server 2010. Use the following procedure to start Secure Store Service.

To start Secure Store Service:

  1. On the Central Administration home page, in the System Settings section, choose Manage Services on the Server.
     
  2. At the top of the Services on the Server page, check the Server field to confirm that this is the server where you want to start the Secure Store Service. If not, choose Change Server and select the server that you want.
     
  3. In the Action column, choose Start next to the Secure Store Service.

Once the Secure Store Service has been started, you can create the Secure Store service application. Use the following procedure to create the service application.

Create a Secure Store service application

  1. On the Central Administration home page, in the Application Management section, choose Manage service applications.
     
  2. On the Manage Service Applications page, choose New and then choose Secure Store Service.
     
  3. On the Create New Secure Store Service application page:
     
    • In the Service Application Name field, enter a name for the service application.
       
    • Ensure that the Database Server field contains the instance of SQL Server where you want to deploy the Secure Store database.
       
    • Select the Create new application pool option and enter a name for the application pool.
       
    • Select the Configurable option and select the account that you want to use to run the application pool from the list.
       
    • Choose OK.
       
    • Choose OK.
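
The two procedures above can also be scripted from the SharePoint 2013 Management Shell. The following is an added example, not part of the original article; the server, application pool, account and database names are placeholder assumptions, and the auditing switch is a parameter the cmdlet requires rather than a setting taken from the steps above.

```powershell
# Added example: start the Secure Store Service and create its service application.
# All names below are placeholder assumptions; replace them with your farm's values.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$server   = 'APP01'                      # application server that will run the service
$poolName = 'SecureStoreAppPool'         # new application pool
$poolAcct = 'EXAMPLE\svc-securestore'    # must already be registered as a managed account
$dbServer = 'SQL01'                      # SQL Server instance for the Secure Store database
$saName   = 'Secure Store Service'       # service application name

# Start the Secure Store Service instance on the chosen server if it is not running.
$instance = Get-SPServiceInstance -Server $server |
    Where-Object { $_.TypeName -eq 'Secure Store Service' }
if ($instance.Status -ne 'Online') {
    Start-SPServiceInstance -Identity $instance | Out-Null
}

# Create the application pool under the configurable (managed) account.
$account = Get-SPManagedAccount -Identity $poolAcct
$pool    = New-SPServiceApplicationPool -Name $poolName -Account $account

# Create the service application and its database.
$sa = New-SPSecureStoreServiceApplication -Name $saName `
    -ApplicationPool $pool `
    -DatabaseServer $dbServer `
    -DatabaseName 'SecureStore_DB' `
    -AuditingEnabled:$true

# Central Administration creates the proxy for you; from PowerShell it is explicit.
New-SPSecureStoreServiceApplicationProxy -Name "$saName Proxy" `
    -ServiceApplication $sa -DefaultProxyGroup | Out-Null
```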
       

Create a target application

Target applications are configured on the Secure Store Service Application page in Central Administration. Use the following procedure to create a target application.

To create a target application:

  1. On the Central Administration home page, in the Application Management section, click Manage service applications.

  2. Click the Secure Store service application.

  3. In the Manage Target Applications group, click New.

  4. In the Target Application ID box, type a text string. This is the unique string that you will use externally to identify this target application.

  5. In the Display Name box, type a text string that will be used to display the identifier of the target application in the user interface.

  6. In the Contact Email box, type the e-mail address of the primary contact for this target application. This can be any legitimate e-mail address and does not need to be the identity of an administrator of the Secure Store Service application.

  7. When you create a target application of type Individual (see below), you can implement a custom Web page that lets users add individual credentials for the destination data source. This requires custom code to pass the credentials to the target application. If you did this, type the full URL of this page in the Target Application Page URL field.

  8. In the Target Application Type drop-down list, choose the target application type: Group, for group credentials, or Individual, if each user is to be mapped to a unique set of credentials on the external data source.

  9. Click Next.

  10. Use the Specify the credential fields for your Secure Store Target Application page to configure the various fields that may be required to provide credentials to the external data source. By default, two fields are listed: Windows User Name and Windows Password.

  11. On the Specify the membership settings page, in the Target Application Administrators field, list all users who have access to manage the target application settings.

  12. If the target application type is Group, in the Members field, list the user groups to map to a set of credentials for this target application.

  13. Click OK to complete the configuration of the target application.

Set credentials for a target application

After a target application has been created, an administrator of that target application can set credentials for it. These credentials are used by the calling application to provide access to an external data source. If the target application is of type Individual, you can also enable users to supply their own credentials.

To set credentials for a target application:

  1. On the Central Administration home page, in the Application Management section, click Manage service applications.
     
  2. Click the Secure Store service application.
     
  3. In the target application list, point at the target application for which you want to set credentials, click the arrow that appears and then, in the menu, click Set credentials.
     
  4. If the target application is of type Group, type the credentials for the external data source. Depending on the information that is required by the external data source, the fields for setting credentials will vary.
     
  5. If the target application is of type Individual, type the user name of the individual who will be mapped to this set of credentials on the external data source and type the credentials for the external data source. Depending on the information that is required by the external data source, the fields for setting credentials will vary.
     
  6. Click OK.
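
The target application and credential procedures can be scripted as well, which keeps the external credentials out of script files by prompting for them as secure strings. This is an added example, not part of the original article; it covers a Group target application with the two default fields, and the site URL, IDs, accounts and e-mail address are placeholder assumptions. It also assumes the Secure Store service application already exists and its encryption key has been generated.

```powershell
# Added example: create a Group target application and set its credentials.
# All names below are placeholder assumptions; replace them with your own values.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl   = 'http://sharepoint.example.local'   # site served by the Secure Store proxy
$appId     = 'ExampleGroupApp'                   # Target Application ID
$adminAcct = 'EXAMPLE\ssa-admin'                 # target application administrator
$memberGrp = 'EXAMPLE\ReportReaders'             # group mapped to the credentials

$context = Get-SPServiceContext -Site $siteUrl

# Target application settings: ID, display name, contact e-mail and type.
$target = New-SPSecureStoreTargetApplication -Name $appId `
    -FriendlyName 'Example group application' `
    -ContactEmail 'owner@example.local' `
    -ApplicationType Group

# The two default credential fields; the password field is masked in the UI.
$userField = New-SPSecureStoreApplicationField -Name 'Windows User Name' `
    -Type WindowsUserName -Masked:$false
$passField = New-SPSecureStoreApplicationField -Name 'Windows Password' `
    -Type WindowsPassword -Masked:$true

# Membership settings: who administers the application and which group may use it.
$adminClaim  = New-SPClaimsPrincipal -Identity $adminAcct -IdentityType WindowsSamAccountName
$memberClaim = New-SPClaimsPrincipal -Identity $memberGrp -IdentityType WindowsSecurityGroupName

New-SPSecureStoreApplication -ServiceContext $context `
    -TargetApplication $target `
    -Fields $userField, $passField `
    -Administrator $adminClaim `
    -CredentialsOwnerGroup $memberClaim | Out-Null

# Set credentials: prompt for the values so they never appear in the script or history.
$ssApp = Get-SPSecureStoreApplication -ServiceContext $context -Name $appId
$user  = Read-Host -Prompt 'External data source user name' -AsSecureString
$pass  = Read-Host -Prompt 'External data source password' -AsSecureString

# Values are supplied in the same order as the fields defined above.
Update-SPSecureStoreGroupCredentialMapping -Identity $ssApp -Values $user, $pass
```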