Setup Secure Store Service

Secure Store Service
In Central Administration, under System Settings, click Manage Services on Server.
Start Secure Store Service (link on the right side).
Click Application Management (left menu); under Service Applications, click Manage service applications, then New (top left), Secure Store Service Application, and fill out the page as follows:
Name: Secure Store
Click Register new managed account and fill out the page as follows:
Username: <domain>\<SecureS>
Check Enable automatic password change and click [OK].
Database, Database Name: <APP-machine-name>_SharePoint_service_SecureStore.
Application Pool, Application pool name: Secure Store.
Configurable: <domain>\<SecureS> and click [OK], [OK].

Click Secure Store Service Application 1.
Click [Generate New Key], enter a passphrase (32 random, alphanumeric characters are sufficient) and click [OK].

Click [New] and fill out the page as follows:
Target Application ID: ProjectServerApplication
Display Name: ProjectServerApplication
Contact E-mail: securestore@<domain>
Target Application Type: Group
Click [Next], [Next].
Target Application Administrators: <Farm>
Members: Report Viewers
Click [OK].

Under ProjectServerApplication, click Set Credentials and fill out the page as follows:
Windows User Name: <SSTarget>
Click [OK].

PowerShell
$EnvironmentName = '<ENVIRONMENTPREFIX>'
$ApplicationName = 'Secure Store'
# Define the proxy name before the pool name that copies it; in the other order the pool name is $null
$ApplicationProxyName = $ApplicationName
$ApplicationPoolName = $ApplicationProxyName
$ApplicationPoolAccount = '<APPPOOLACCT (domain\account)>'
$Auditing = $false

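# Selects the server Get-SPServer lists with Role 'Invalid', which is typically the SQL Server host
$DBServer = (Get-SPServer | Where-Object {$_.Role -eq 'Invalid'}).Address
# Database name: <prefix>_SharePoint_service_ followed by the application name without spaces
$DBName = $EnvironmentName + '_SharePoint_service_'
$ApplicationName.Split(' ') | ForEach-Object {$DBName += $_}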

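$ManagedAccount = $ApplicationPoolAccount
# Only needed for the non-interactive alternative below
#$ManagedAccountPassword = '<MANAGEDACCTPWD>'

# "Stop" turns a failed lookup into a terminating error so that catch can register the account
$ErrorActionPreference = "Stop"
# Non-interactive alternative; it keeps the password in the script in plain text:
# try {Get-SPManagedAccount $ApplicationPoolAccount} catch {New-SPManagedAccount (New-Object System.Management.Automation.PSCredential $ManagedAccount, (ConvertTo-SecureString $ManagedAccountPassword -AsPlainText -Force))}
# Interactive: prompts for the password when the managed account is not registered yet
try {Get-SPManagedAccount $ApplicationPoolAccount} catch {New-SPManagedAccount (Get-Credential $ManagedAccount)}
$ErrorActionPreference = "Continue"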

New-SPSecureStoreServiceApplication -ApplicationPool (New-SPServiceApplicationPool -Name $ApplicationPoolName -Account (Get-SPManagedAccount $ApplicationPoolAccount)) -AuditingEnabled:$Auditing -DatabaseServer $DBServer -DatabaseName $DBName -Name $ApplicationName
New-SPSecureStoreServiceApplicationProxy -Name $ApplicationProxyName -ServiceApplication (Get-SPServiceApplication | Where-Object {$_.DisplayName -eq $ApplicationName})
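
The script above stops at the service application and proxy. The remaining manual steps (generate the key, create the ProjectServerApplication target application, set its credentials) can be scripted as follows; this is an added example, not part of the original page. Assumptions: `<SITEURL>` is a placeholder for any site served by this proxy, Report Viewers is taken to be a domain group, and the two field names mirror what the Set Credentials dialog shows.

```powershell
# Added example. Run in the SharePoint Management Shell after the proxy exists.
$ProxyName   = 'Secure Store'              # proxy name used on this page
$TargetId    = 'ProjectServerApplication'  # Target Application ID from this page
$SiteUrl     = '<SITEURL>'                 # assumption: placeholder for a site served by the proxy
$FarmAccount = '<Farm>'                    # Target Application Administrators (page placeholder)
$MemberGroup = '<domain>\Report Viewers'   # assumption: Report Viewers is a domain group

$Proxy = Get-SPServiceApplicationProxy | Where-Object {$_.DisplayName -eq $ProxyName}

# Prompt for the passphrase without echo; the key cmdlets take a plain string,
# so it is converted only for the two calls and the buffer is wiped afterwards.
$Secure = Read-Host 'Secure Store passphrase' -AsSecureString
$Bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure)
try {
    $Passphrase = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($Bstr)
    Update-SPSecureStoreMasterKey -ServiceApplicationProxy $Proxy -Passphrase $Passphrase
    Start-Sleep -Seconds 5   # give the new master key time to be written
    Update-SPSecureStoreApplicationServerKey -ServiceApplicationProxy $Proxy -Passphrase $Passphrase
} finally {
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($Bstr)
    Remove-Variable Passphrase -ErrorAction SilentlyContinue
}

# Group-type target application with a user name field and a masked password field
$Target = New-SPSecureStoreTargetApplication -Name $TargetId -FriendlyName $TargetId `
    -ContactEmail 'securestore@<domain>' -ApplicationType Group
$Fields = @(
    (New-SPSecureStoreApplicationField -Name 'Windows User Name' -Type WindowsUserName -Masked:$false),
    (New-SPSecureStoreApplicationField -Name 'Windows Password' -Type WindowsPassword -Masked:$true)
)
$Admins  = New-SPClaimsPrincipal -Identity $FarmAccount -IdentityType WindowsSamAccountName
$Members = New-SPClaimsPrincipal -Identity $MemberGroup -IdentityType WindowsSecurityGroupName
$Context = Get-SPServiceContext -Site $SiteUrl
New-SPSecureStoreApplication -ServiceContext $Context -TargetApplication $Target `
    -Fields $Fields -Administrator $Admins -CredentialsOwnerGroup $Members

# Set Credentials: prompt for the <SSTarget> account instead of storing its password in the script
$Cred   = Get-Credential '<SSTarget>'
$Values = (ConvertTo-SecureString $Cred.UserName -AsPlainText -Force), $Cred.Password
$App    = Get-SPSecureStoreApplication -ServiceContext $Context -Name $TargetId
Update-SPSecureStoreGroupCredentialMapping -Identity $App -Values $Values
```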