Secure Store Service in SharePoint 2013

Many organizations rely on proprietary or third-party legacy systems for a variety of functions. These systems may include customer relationship management (CRM) systems, inventory management systems, enterprise resource planning (ERP) tools, and other line-of-business (LOB) applications. In many cases, these systems maintain their own credential stores. This presents a challenge when you want to surface external data in SharePoint: it is difficult to present an integrated view of data from disparate data sources if the user has to enter a separate set of credentials for each source.

The Secure Store Service application addresses this problem. The Secure Store Service enables you to map SharePoint user identities to external credentials. The external credentials and the credential mappings are stored in an encrypted database. You can map individual SharePoint users or groups of SharePoint users to an individual set of external credentials.

Understanding Secure Store Target Applications
If you want to use the Secure Store Service to manage credentials, you must first create a target application. A target application is the unit of management in the Secure Store Service, and defines one or more credential mappings for a specific external system or application. Each target application is uniquely identified by a target application ID. There is a one-to-one mapping between Business Data Connectivity (BDC) models and Secure Store target applications. If you want to use Secure Store credentials with a BDC model, the BDC model settings must specify a target application ID. In this way, the BDC Runtime knows which set of external credentials it should use to access the external system associated with the BDC model.

A target application includes the following information:

  • Target application ID. This uniquely identifies the target application.
  • Display name and contact email. The name and contact email address for the target application.
  • Target application type. The options include Individual, in which each SharePoint user is mapped to an individual set of external credentials, and Group, in which multiple SharePoint users are mapped to a single set of external credentials.
  • Field names and types. These represent the credentials that are required by the external system. You can specify a variety of credential types, including generic user names and passwords, Windows user names and passwords, PINs, keys, and certificates.
  • Target application administrators. This is the list of users who can edit the target application settings.

In addition to these settings, each target application includes credential mappings. In the case of target applications based on the Group type, the target application contains a single credential mapping that maps a group of SharePoint users to a single set of external credentials. In the case of target applications based on the Individual type, the target application contains credential mappings for each SharePoint user that accesses the external system.
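As an added example (not code from the original article), the SharePoint Management Shell script below creates a Group-type target application with the settings listed above and sets its single group credential mapping. The site URL, the target application ID "ContosoCRM", and the CONTOSO account and group names are assumptions.

```powershell
# Added example: a Group-type Secure Store target application for a hypothetical
# legacy CRM. Site URL, target application ID, accounts and groups are assumed.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl = "http://sharepoint.contoso.local"   # assumption: any site in the farm
$ctx = Get-SPServiceContext -Site $siteUrl

# Field names and types: the credentials the external system requires.
# Masked fields are never shown back to users or administrators in the UI.
$fields = @(
    (New-SPSecureStoreApplicationField -Name "Windows User Name" -Type WindowsUserName -Masked:$false),
    (New-SPSecureStoreApplicationField -Name "Windows Password"  -Type WindowsPassword -Masked:$true)
)

# Target application ID, display name, contact email and type (Group).
$target = New-SPSecureStoreTargetApplication -Name "ContosoCRM" `
    -FriendlyName "Contoso CRM (legacy)" `
    -ContactEmail "sharepoint-admins@contoso.local" `
    -ApplicationType Group

# Target application administrators (may edit its settings) and the group of
# SharePoint users mapped to the shared credential set. Keep both lists minimal.
$admin  = New-SPClaimsPrincipal -Identity "CONTOSO\spadmin" -IdentityType WindowsSamAccountName
$owners = New-SPClaimsPrincipal -Identity "CONTOSO\CRM Readers" -IdentityType WindowsSecurityGroupName

$app = New-SPSecureStoreApplication -ServiceContext $ctx `
    -TargetApplication $target -Fields $fields `
    -Administrator $admin -CredentialsOwnerGroup $owners

# The single Group mapping: one set of external credentials for everyone in $owners.
# Values are SecureStrings in field order; the password is prompted for so it
# never appears in the script file or the shell transcript.
$userName = ConvertTo-SecureString "CONTOSO\svc_crm_reader" -AsPlainText -Force
$password = Read-Host "Password for CONTOSO\svc_crm_reader" -AsSecureString
Update-SPSecureStoreGroupCredentialMapping -Identity $app -Values @($userName, $password)
```

For an Individual-type target application, each user sets their own credentials instead, and the BDC model's settings must reference the target application ID "ContosoCRM" for the BDC Runtime to use this mapping.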