Recently I had blogged about SharePoint’s Business Connectivity Service.  Another service which goes hand-in-hand with BCS is SharePoint’s Secure Store Service.  I talk in more detail about the Secure Store within part three of my SharePoint BCS overview series.  However, Secure Store is not limited to just BCS.  It can be used for Excel Services, Access Services and even custom applications.

Today I am going to take what I have discussed already about Secure Store and show you how to create and configure a new entry that you can then consume with another system\service.  I plan to show you how to create your secure store entry.

Create Secure Store Entry

  1. Start by logging into your environment’s Central Admin
  2. Under Application Management click on Manage Service Applications.
  3. Click on the entry for your Secure Store.  Note: if you haven’t created your Secure Store Service yet you can find the steps here.
  4. Click on New.

New Secure Store

  1. A configuration window will be surfaced to you.  Enter the data as follows:
    1. Target Application ID: ID you wish your entry to have.  It can’t be changed
    2. Display Name: As it sounds the name you wish to be displayed when viewing the entry
    3. Contact E-Mail: The email the system is to use should criteria require it to contact someone for an issue
    4. Target Application Type: A number of different options can be selected.
      1. Individual: Indicates this entry will have a separate set of credentials for each person that will access the external source
      2. Individual Ticket: More secure than Individual in that a ticket or token is issues and will timeout after a certain amount of time.
      3. Individual Restricted: Allows you to restrict whom can use the credential
      4. Group: Everyone who accesses the resource assigned to the Secure Store entry will use the same credentials stored.
      5. Group Ticket: Similar to Individual ticket, but for multiple users (like Group).
      6. Group Restricted: Similar to Individual Restricted, but for multiple users (like Group).


  1. Once the entries have been entered, click Next
  2. In the next section you are setting up the Field Name and the Field Type.  The Field Name is simply how the field will be displayed to the user when they enter the credentials.  The Field type is the type of credentials you will be using (Windows based ID and Pwd, non- windows based, certificate, Pin, etc).  If masked is set, then the value entered will not be displayed (pwd field).  In my example I set the User ID Field to Windows Network ID and the password field to: Password


  1. Once you have made your choices, click on Next.
  2. In the next screen you will setup the security around the secure store entry.  The first box sets up who is able to make changes to the secure store entry (administrators).  The other user box lists who will be allowed to use the secure store.  For example: Say you have full access to a site, but if you access an external list within that site and are not part of the secure store members, you will not be able to generate the list contents.


  1. After entering the admins and the members, click OK.
  2. We aren’t quite done yet.   Finally we are going to setup the credentials for the entry.  Click on Set Credentials.


  1. Enter the userid, the password and then confirm the password that is to be used to authenticate through to the external source.  Important: If you have selected Windows User Name then the domain must be used.  Also, see the field names are as we set them in step 7.


  1. That’s it.  Your secure store is ready to go.

Now that your secure store entry is created and configured, you are ready to consume it through such sources as BCS or Excel Services.