Hi, welcome to my article on ‘How to configure secure store service in SharePoint 2013’. I have series of articles like this to show how to configure and use all of the Business Intelligence feature that SharePoint offers. I have lots of great stuff to share you through this article, let’s get started.
Let us go through some useful information on Secure Store Service from MSDN – “The Secure Store Service replaces the Microsoft Office SharePoint Server 2007 Single Sign On feature. Secure Store Service is a shared service that provides storage and mapping of credentials such as account names and passwords. It enables you to securely store data that provides credentials required for connecting to external systems and associating those credentials to a specific identity or group of identities.”
The Secure Store is normally part of the standard installation for SharePoint 2013. It is very important, it’ll give us that unattended service account for things like PerformancePoint, Excel Services, Visio services and so on.
In the below content you can find step by step approach to configure secure store service,
1. Go to Central Administration -> Manage service applications
2. Here I do not have secure store service. So I’m going to create new one, by selecting New (in top ribbon) -> Secure Store Service.
3. In Create New Secure Store Service Application window, give the service name, database server name and database name and I’m using Windows Authentication here,
4. Now select the already existing application pool or create new application pool for this, to keep things simple I was using the same application pool for the most of the service applications. Give the service application pools and the accounts the proper permissions in SQL. Maybe in production environment you may prefer separate service application pool, for various reasons like performance, security and so on.
5. I’ve used already registered Managed account for this service application, you can use your own managed account and then click OK.
6. Secure Store Service has been created.
7. Now we need to start the Secure Store Service on the server. For that, go to Central Admin -> System Settings -> Manage services on server
8. Click on Start.
To use Secure Store Service, we must generate an encryption key. The key is used to encrypt and decrypt the credentials that are stored in the Secure Store Service database.
1. To generate the key, go to Application Management -> Manage service application and click on newly created Secure Store Service. And click on Generate New Key button from the ribbon.
2. We need to create the pass phrase. The requirements for the key are that it must contain at least eight characters, in that eight characters it must contain at least three of the following four character groups -> uppercase alphabets, lowercase alphabets, numbers 0-9, and symbols (&, $, %, #, * and so on)
3. Red error has gone and it says there are no Secure Store Target Application
I’ll explain on how to create Target application and stuffs related to that in my upcoming articles.