How To Use Secure Store Application

Captions
In this video we're going to take a look at how to work with Secure Store target applications. So I'm going to start here on the Central Administration home page, and we'll go and find our Secure Store service application. So under Application Management, Manage service applications, and you can see in the list here is Secure Store Service. I'm going to click here, and here in Secure Store we have a list of two target applications. You can see one here with a long GUID attached to it; it is used by PerformancePoint Services to manage its unattended service account. And we have a second one that was created to manage the unattended service account for Visio Services.

Now, a target application in Secure Store is a method of mapping one or more users to a particular set of credentials. Now let's take a look at how that works. I'm going to click New to start creating a new target application. Now this is the first page of the target application wizard, where we set some basic settings. The first is the target application ID, and this is a unique identifier that you use to refer to this target application from other locations, such as from Excel Services or Visio Services. The display name is just a friendly name, and there's also an email address. Type: there is a fairly long list here, but it breaks down into two basic types. There's individual and there is group. An individual target application maps a single user to a set of credentials in Secure Store. A group target application maps a group of users to a single set of credentials. Now I'll go ahead and choose Group here, because that's the most commonly used, and I'm going to click Next.

Now on this page of the wizard we specify the type of credentials that we'll be storing in Secure Store. You can see the default is Windows user name and Windows password. There's a number of other options that you can choose for these fields. For example, if I were using SQL Server credentials I would choose user name and password. If I'm accessing an application that requires different fields, or more fields than just user name and password, I can add a field and I can choose what type of field it is. Perhaps there's a PIN or something like that that I need to use, and I can add as many of these fields as I need for the application that I'm accessing, and all of these fields will be stored encrypted in the Secure Store database. So I'm going to delete this, and I'll go back to my standard user name and password and click Next.

On this page we specify target application administrators, so this would be any user that you would want to be able to administer this target application. You can also use an Active Directory group here. So for example I might use my farm admin account. The members of a target application are the users who are authorized to use the credentials that are stored in Secure Store. Now you can list users individually, or you can include an Active Directory group, or if you wanted to give access perhaps to everybody you could type All Authenticated Users. Now once you've configured these two settings, click OK, and you can see here's our new target application that we just named: target application ID, friendly name.

Now the next thing that we would need to do is to set the actual credentials that get stored in the Secure Store database. So I'll click on the drop-down list, choose Set Credentials, and you can see here it says credential owners are All Authenticated Users; that's what we typed into the members box in the wizard. And then here we would specify the actual credentials that we want to store in Secure Store, and once we do that, using this target application, our credential owners, in this case everybody, would be authorized to use these credentials. Now these credential owners will never actually see the credentials. They will only be used on their behalf by a service application such as Excel Services or PerformancePoint Services, but Secure Store will allow those service applications to use these credentials on behalf of the credential owners. So I'm going to click Cancel here, and let's take a look at a practical example of this.

I'm going to switch over to my computer running SQL Server, and I'm going to come down to Start, All Programs, Microsoft SQL Server 2008 R2, and I want Management Studio. Connect to the database engine, and I'll expand Databases, and you can see I have this database called Contoso Retail DW, and this is a retail sales data warehouse database. Now let's say I want to write some reports in Excel using this database, and I want to publish them to SharePoint Server, and I want a particular group of users to be able to access that report and refresh the data in that report. So let's take a look at how to set that up.

Now I'll start by switching over to my domain controller, and I'm going to come down to Start, Administrative Tools, Active Directory Users and Computers. And I need two things here: I need a set of credentials that will have access to that database that I can store in Secure Store, and I need an Active Directory group containing the users who I want to give access to the reports that I'm going to write. So I'll start by creating the data access account. Right-click Users, New, User, and I'll call it retail sales access. I'll use the same for user logon name, click Next, type a password, and I'll deselect "User must change password at next logon", and I'll make this a non-expiring password as well. Click Next, click Finish. So I have my retail sales access account, and this is the account that will be used to actually access the database that we were just looking at.

And next I'll create a group. Right-click Users, New, Group, and I'll call it retail sales users and click OK. And of course I need to populate that group with the users who should have access to the reports that I'm going to write, so I'll add Joe Frank and John Woods. I'm just going to right-click, Add to a group, retail sales users, click OK. So I've successfully added them to the group, and if I go down and take a quick look, here's Jill Frank and John Woods. Cancel, and I'll switch back to my application server.

Now we need to create a target application to map that group of users to the credentials that we created. So I'll click New, and I'll call this Contoso retail sales, and for display name I'll type sales database access, and I'll go ahead and use my farm admin account for the email address. And because I have a group of users that I'm mapping to a single set of credentials, I want to choose Group. Click Next. Of course we are using Windows credentials, so I'll leave the default here. Click Next. For target application administrators, again I'll just use my farm admin account, and for members we want the Active Directory group to which we added Joe Frank and John Wood, and of course that was Contoso retail sales users. Then I'll click OK. Here's our new target application.

Now we have not yet associated it with the data access account that we created, so that's the next step, to actually set the credentials. Click the drop-down, Set Credentials, and of course our credentials are Contoso retail sales access, and type the password and click OK. Now we have set the credentials for our Contoso retail sales target application. Now it's important to remember what credentials you've used here, because they are stored encrypted in the Secure Store database and there is no way for you as an administrator to actually see what they are at this point. So it's important to make a note of what credentials you actually use there.

Now the next thing we need to do is to actually give those credentials access to our data source. So I'll go back to SQL Server, and I'll expand Security, right-click Logins, create a new login, and of course we want to use Contoso retail sales access. And then under User Mapping I want to choose my Contoso retail data warehouse database, and I just need read permission, so I will give it db_datareader access. Click OK, and our credentials stored in Secure Store now have access to the data source.

So let's switch over to a client computer, and I'll go to Start, All Programs, Microsoft Office, and I'll go ahead and open Excel. And on the Data tab, From Other Sources, From SQL Server. It's the Contoso SQL, and I'm logging in here from Excel using my Windows account. The Excel client application does not use Secure Store, but Excel Services will use Secure Store after we publish the workbook. So I'll log on using Windows authentication, choose my Contoso Retail DW database, and I'll just go ahead and take the customers table view, Next, Finish, and I'll go up to the table report. So here in Excel I can go ahead and create my report, and then on the Data tab go to Connections. Here's my database connection: Properties, Definition, and here we have Excel Services authentication settings. And if I choose this and I choose the SSS option, this is where I want to type my Secure Store target application ID, and as you may recall we called our target application Contoso retail sales. Click OK, OK again, and here it's just warning me that I'm changing the authentication settings. We'll click Yes, close this out.

And once I've finished my report and I publish it to SharePoint Server, when users try to render it using Excel Services it will attempt to use the Contoso retail sales target application to refresh the data in the spreadsheet. And as you recall, we specified a group containing only Joel Frank and John Woods as the members of that target application, so only they will be able to actually refresh the data when the spreadsheet is rendered using Excel Services. Other service applications such as PerformancePoint Services and Visio Services use Secure Store in a similar way.

So to recap what we talked about: a target application maps one or more users to a set of credentials that are stored in the Secure Store database. Those users are known as the credential owners or members of the target application. Secure Store allows SharePoint Server service applications to use the stored credentials on behalf of the credential owners. The target application ID is a unique identifier associated with each target application. The target application ID is used to reference a particular target application from within SharePoint Server. Now, examples of where you might need to specify a target application ID include Excel Services authentication settings in an Excel workbook, the Excel Services unattended service account, SharePoint Designer when configuring a BCS connection, and PowerPivot data refresh settings.

That's a quick look at working with target applications in Secure Store. You can leave feedback on this video or any of our TechNet content by going to the TechNet topic and clicking the rating and feedback control at the top or bottom of the page, or you can send feedback to doc bi at microsoft.com.
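
The group-type target application from the walkthrough above, scripted with the SharePoint Server PowerShell cmdlets instead of the wizard. This is an added example, not part of the video; the site URL, e-mail address, and the exact spellings of the target application ID, group and account names are assumptions.

```powershell
# Added example. Every value in this block is an assumption, not taken from the video.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl      = 'http://sharepoint.contoso.example'  # hypothetical site whose web app uses the Secure Store proxy
$appId        = 'ContosoRetailSales'                 # target application ID (spelling assumed)
$displayName  = 'Sales database access'
$contactEmail = 'farmadmin@contoso.example'          # hypothetical contact address
$adminAccount = 'CONTOSO\farmadmin'                  # hypothetical target application administrator
$memberGroup  = 'CONTOSO\RetailSalesUsers'           # AD group of credential owners (spelling assumed)
$dataAccount  = 'CONTOSO\RetailSalesAccess'          # read-only data access account (spelling assumed)

# Least privilege: refuse the "give access to everybody" shortcut for a database credential.
if ($memberGroup -match 'Authenticated Users|Everyone') {
    throw "Refusing to map '$memberGroup' to stored credentials; use a dedicated AD group."
}

# Two credential fields, matching the wizard default (Windows user name / Windows password).
$fields = @(
    (New-SPSecureStoreApplicationField -Name 'Windows User Name' -Type WindowsUserName -Masked:$false),
    (New-SPSecureStoreApplicationField -Name 'Windows Password'  -Type WindowsPassword -Masked:$true)
)

# Group type: many users map to one stored credential set.
$targetApp = New-SPSecureStoreTargetApplication -Name $appId -FriendlyName $displayName `
    -ContactEmail $contactEmail -ApplicationType Group

$admins  = New-SPClaimsPrincipal -Identity $adminAccount -IdentityType WindowsSamAccountName
$members = New-SPClaimsPrincipal -Identity $memberGroup  -IdentityType WindowsSecurityGroupName

$context = Get-SPServiceContext -Site $siteUrl
$app = New-SPSecureStoreApplication -ServiceContext $context -TargetApplication $targetApp `
    -Fields $fields -Administrator $admins -CredentialsOwnerGroup $members

# Set the stored credentials. The password is prompted for, so it never lands in the
# script file or in shell history; values are passed in the same order as $fields.
$user = ConvertTo-SecureString $dataAccount -AsPlainText -Force
$pass = Read-Host -AsSecureString "Password for $dataAccount"
Update-SPSecureStoreGroupCredentialMapping -Identity $app -Values $user, $pass

# Confirm the target application now exists under the expected ID.
Get-SPSecureStoreApplication -ServiceContext $context -Name $appId | Format-List
```

The SQL Server side is unchanged by this script: the data access account still needs its own login and read-only mapping on the database, as shown in the walkthrough.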
Info
Channel: TechnologyToSpeak
Views: 9,065
Rating: 5 out of 5
Keywords: How, To, Use, Secure, Store, Application
Id: kZzggU-YueA
Length: 13min 34sec (814 seconds)
Published: Sat Mar 03 2012