Export (0) Print
Expand All

Create an on-premises Secure Store Service target application for the Business Connectivity Services hybrid scenario

SharePoint 2013
 

Applies to: SharePoint Server 2013

Topic Last Modified: 2013-12-18

Summary: Learn how to create and configure the on-premises Secure Store Service target application for the Business Connectivity Services (BCS) hybrid scenario.

NoteNote:
This documentation is preliminary and subject to change.
WarningWarning:
To configure a hybrid SharePoint environment, you need a combination of expert skills and significant hands-on experience with SharePoint Server 2013, SharePoint Online, and related products and technologies. We recommend that you engage Microsoft Consulting Services to provide technical guidance and support during the design and deployment of your hybrid environment.
For more information about Microsoft Consulting Services, see Microsoft Services.

The Secure Store Service provides a database that is used to store credentials. These credentials usually consist of a user identity and password, but can also contain other fields that you define. For example, SharePoint Server 2013 can use the Secure Store database to store and retrieve credentials for access to external data sources. The Secure Store provides support for storing multiple sets of credentials for multiple back-end systems. For more information about the Secure Store, see Plan the Secure Store Service in SharePoint Server 2013.

In the Prepare the on-premises environment for the Business Connectivity Services hybrid scenario procedure, you added all the users that will use your BCS hybrid solution to the ODataGroup and created the ODataAccount. Later in this scenario, you will configure security on the OData service endpoint so that only the ODataAccount has access to it, aside from administrative accounts. In this procedure, you link the ODataGroup to the ODataAccount by using a Secure Store target application ID. This way, users can only access the OData service endpoint through only one account, the ODataAccount. Users get access to that account only by virtue of their membership in the ODataGroup, which you control administratively.


ImportantImportant:
This is Step 2 in the Business Connectivity Services Hybrid scenario deployment procedures.

In this procedure, you create and configure the on-premises Secure Store target application named ODataApp for the BCS hybrid scenario. The name ODataApp is used for demonstration purposes. You can use any name of your choice. This procedure assumes that the Secure Store Service service application is already configured on your on-premises farm. If you haven’t configured the Secure Store Service service application, you must complete the procedures in Configure the Secure Store Service in SharePoint 2013 before you continue.

To create and configure a Secure Store target application
  1. Open the SharePoint Central Administration website for your on-premises server farm by using a user account that is a member of the Farm Administrators group. In the Manage service applications section, click Secure Store Service.

  2. In Configure the Secure Store Service in SharePoint 2013, read Store credentials in Secure Store, and then perform the Create a target application procedure by using these parameters:

    1. In the Target Application ID box, type a string for the target application. This is not the display name; for example, ODataApp.

    2. In the Display Name box, type the display name you want; for example, ODataApp.

    3. In the Contact E-mail box, type a contact email address.

    4. In the Target Application Type drop-down list, select Group. This indicates the mapping of many user credentials or a security group to one credential. In this case, the Target Application Page URL is not needed and automatically selects None.

    5. On the Create New Secure Store Target Application page, for both Field Name and Field Type, accept the default values of Windows User Name and Windows Password.

    6. In the Target Application Administrators field, add the Farm Administrators account and an account that has farm administrator rights. In the Members field, add the domain security group you are using to control access to the BCS hybrid scenario solution; for example, ODataGroup.

  3. In Configure the Secure Store Service in SharePoint 2013, perform the Set credentials for a target application procedure by using these parameters:

    1. In the Windows User Name box, type the account name for the account that will have access to the OData service endpoint in domain\username format that you configured in Prepare the on-premises environment for the Business Connectivity Services hybrid scenario; for example, Adventureworks\ODataAccount.

    2. In the Windows Password and Confirm Windows Password fields, type the password for the account.

    TipTip:
    If you need to change the password in the future, and you open this target application ID to edit it, the current account and password is not displayed.


ImportantImportant:
Link to Step 3 Create and configure an OData service endpoint for the Business Connectivity Services hybrid scenario of the Business Connectivity Services hybrid scenario deployment procedures.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft