Secure Store Service is an authorization service that runs on the SharePoint server. It has a database that is used to store credentials, and it can store multiple sets of identities for multiple back-end/external systems. It is essential to understand the importance of the Secure Store Service.
Step-by-step process to create Secure Store Service in SharePoint
- Go to Central Administration >> Application Management >> Manage service applications
- Click on New from ribbon >> in Menu click on Secure Store Service
- Here, we are going to set properties of the Secure Store Service application. These properties can be changed using service properties later.
- Service Application Name: Enter a name for the Secure Store Service application
- Database Server: Enter the name of the SQL Server where the database of the Secure Store Service will be created
- Database Name: Enter the database name for storing Secure Store Service data
- Database Authentication: You can keep Windows authentication, which is recommended, or you can provide an account and password for SQL authentication
- Failover Server: If you have another server as part of database mirroring, specify the server name here
- Application Pool: Enter the name of the application pool. You can either use an existing application pool or create a new one
- Security Account: Select a Security account for the application pool, created/selected in the step above.
- Audit Log enabled: Tick the checkbox if you want to enable the logging for Secure Store Service. Additionally, you can specify the number of days after which the logs will be purged/removed.
Start Secure Store Service
After creating the Secure Store Service, you need to start it by following the steps below.
- Go to Central Administration >> Application Management >> Manage services on the server
- Find the Secure Store Service and start it
Generate new key in Secure Store Service:
The first time you access the Secure Store Service, you have to generate an encryption key. To target any application for the Secure Store Service, you will have to provide the passphrase that you register in this step.
- Go to Central administration >> Application Management >> Manage services on server.
- Click on the newly created Secure Store Service
- Now, click on Generate New Key from the Ribbon
- A form opens. Enter a passphrase and click OK.
Note:
- You can see a message below the form. The passphrase you enter is not going to be saved. Make sure you store it somewhere safe so that you can utilize it in the future while linking the applications.
- As Microsoft mentioned, a passphrase string must be at least eight characters and must have at least three of the following four elements:
  - Uppercase characters
  - Lowercase characters
  - Numerals
  - Any of the following special characters: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~
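The three procedures above (create the service application, start the service, generate the key), scripted for the SharePoint Management Shell as an added example that is not part of the original article. The pool, account, server and database names and the 30-day audit retention are placeholder assumptions, and `Test-SssPassphrase` is a hypothetical helper that applies the passphrase rule from the note above before the key is generated.

```powershell
# Added example: run in the SharePoint Management Shell as a farm administrator.
# All names below are placeholders (assumptions), not values from the article.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$poolName    = 'SecureStoreAppPool'        # dedicated pool, not shared with other services
$poolAccount = 'CONTOSO\svc-securestore'   # must already be a SharePoint managed account
$dbServer    = 'SQL-SSS01'                 # kept apart from the content database server
$dbName      = 'SecureStore_DB'

# Passphrase rule from the note above: at least 8 characters, 3 of 4 character classes.
# -cmatch is case-sensitive, so the upper- and lowercase classes are counted separately.
function Test-SssPassphrase([string]$p) {
    $classes = @('[A-Z]', '[a-z]', '[0-9]', '[!-/:-@\[-`{-~]') |
        Where-Object { $p -cmatch $_ }
    return ($p.Length -ge 8) -and (@($classes).Count -ge 3)
}

# Prompt for the passphrase instead of hard-coding it in the script.
# The key cmdlets take it as a plain string, so it is converted just before use.
$secure = Read-Host 'Secure Store passphrase' -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$pass   = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
if (-not (Test-SssPassphrase $pass)) { throw 'Passphrase does not meet the complexity rule.' }

# 1. Create the service application (audit log on, purged after 30 days) and its proxy.
$pool  = New-SPServiceApplicationPool -Name $poolName -Account (Get-SPManagedAccount $poolAccount)
$app   = New-SPSecureStoreServiceApplication -Name 'Secure Store Service' `
            -ApplicationPool $pool -DatabaseServer $dbServer -DatabaseName $dbName `
            -AuditingEnabled:$true -AuditlogMaxSize 30
$proxy = New-SPSecureStoreServiceApplicationProxy -Name 'Secure Store Service Proxy' `
            -ServiceApplication $app -DefaultProxyGroup

# 2. Start the Secure Store Service instance on this server.
#    The instance must be online before the key is generated.
Get-SPServiceInstance -Server $env:COMPUTERNAME |
    Where-Object { $_.TypeName -eq 'Secure Store Service' } |
    Start-SPServiceInstance

# 3. Generate the master key, then refresh the key on the application servers.
Update-SPSecureStoreMasterKey -ServiceApplicationProxy $proxy -Passphrase $pass
Update-SPSecureStoreApplicationServerKey -ServiceApplicationProxy $proxy -Passphrase $pass
Remove-Variable pass   # drop the plain-text copy from the session
```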
Some scenarios that utilize Secure Store Service while connecting to external data sources
- Excel Services
- Visio Services
- Performance Point Services
- Power Pivot
- Business Connectivity Services (BCS)
Note:
Because the Secure Store Service stores sensitive information, consider the following points.
- Run the Secure Store Service in a separate application pool that is not used by any other service
- Create the database for the Secure Store Service on a separate SQL Server. Do not use the same server that is already used by the content database
- Back up the generated key and the Secure Store Service database. Do this the first time and every time you generate a new key.
Conclusion
We went through the process of creating the Secure Store Service. We also covered why the Secure Store Service is important and some points to keep in mind while working with it.