How To Configure Secure Store Service Application In SharePoint

The Secure Store is an authorization service that contains a secure database for storing credentials that are associated with application ID. The Secure Store Service provides support for storing multiple sets of credentials for multiple backend systems.

Storing credentials in Secure Store is accomplished by using a Secure Store target application. A target application maps the credentials of a user, group, or claim to a set of encrypted credentials stored in the Secure Store database. After target application is created, you can associate it with an external database or application model.

How to Configure Secure Store Service

  1. Start the Secure Store Service on an application server in the farm,

    Go to Central Administration, System Settings, then Manage service on server (Under Servers).

    Start Secure Store Service if not started.


  2. Create Secure Store service application.

    So let’s start configuration.

    Go to Central Administration --> Application Management -- > Manage service applications (Service Applications)

    Application Management
    New--> Secure Store Service

    Secure Store Service
    Fill the columns.


Register a managed account in SharePoint 2013 to run the Secure Store application pool.

You need a managed account for service application pool or you can use existing application pool. It all depends upon your requirement. In my case I will create new service application pool during configuration process.

It will create new Secure Store Service Application and Secure Store Service Application Proxy.

Now click on SecureStoreService.

You will get a message “Before creating a new Secure Store Target Application, you must first generate a new key for this Secure Store Service Application from the ribbon.”


The very first time you will have to essentially Generate an encryption key. After generating a key, the rest of the Secure Store functionality becomes available. The key is used to encrypt and decrypt the credentials that are stored in the Secure Store Service database.

Generate New Key

Click on Generate New Key,

New Key

Enter Phrase & Confirm Pass Phrase:

Now you can create Secure Store Target Application.

Create Target Application

I am creating for BCS (Business connectivity Service)

Click on newly created SecureStoreService--> New.

Fill the particulars.

Target Application ID: Business Connectivity

(This is the id which you use for particular applications,  in my case it is Business Connectivity for business connectivity services. Make sure ID  is unique)

Display Name: Display name of your application.

Contact E-mail:

Target Application Type: Choose Group or Individual.

(Group: Maps group of users to a single set of stored credentials

Individual: Maps a single user to a single set of stored credentials)

Click Next.


Create New Secure Store Target Application window.

You can add more Field Names and Field Types by clicking Add Field. In my case User Name and Password is sufficient.

Click Next.


Fill the particulars.

Target Application Administrator: Users who have access to manage this target application setting.

Member: Individual or group, who can use this target application (I am using group).

Click Ok.

Now you have successfully created target application.

Set Credential for access.

Click on newly created Application Id menu-->>Set Credential,

Set Credential
Enter the User Name and Password & Confirm Password which will be used on behalf of authorized users.



Now users of IT group can communicate with external database with the help of Secure store service application and Application ID.


Make sure this access account (in my case SPsecstorserv) should have proper rights on external database for operation.

Read more articles on SharePoint: