Sharepoint 2013 : Business Connectivity Services - Configure the Secure Store

Most external data systems require credentials for accessing the contained data. This can pose a problem when you try to access these systems from Business Connectivity Services. Fortunately, Business Connectivity Services can leverage the Secure Store Service to maintain and access account information for external systems. The Secure Store Service ensures that you do not leave credentials for these important line of business systems lying around in configuration files or database rows.

I will cover the steps involved to create a new target application ID, which you can later use for data source connections when creating new external content types.

1. Open Central Administration.
2. Click the link to manage service applications, under the Application Management heading.
3. Scroll down to the Secure Store Service .
4. Select the Secure Store Service and then click the Manage icon on the ribbon.
5. Click the New icon on the ribbon to create a new target application ID—this is a unique identifier, which your external content types will use.
6. Provide the target application ID—this can be any text value, as long as it is unique across the Secure Store.
7. Provide a display name and contact e-mail for the target application.
8. Change the application type to Group because you use one account for all users to access your SQL Server database.

    Note  There are several types of target applications. They fall into two broad categories: individual target applications and group target applications. The type of target applications corresponds to the type of account used to map user ­credentials. If each user has an account in the target application, choose the individual type. If the target application uses one account for all users, choose the group type. The remaining target application types are based on these two main types.

9. Click the Next button.
10. On the next page (Figure 1), leave the field name and type in the Windows User Name and Windows Password because you are using Windows account types to authenticate with SQL Server.

    

    Figure 1. Fields for credentials in the Secure Store Service

11. Click the Next button.
12. Provide the target application administrators.
13. Specify the users and groups that map to the credentials in the store. I recommend that you create a designated group in your domain, or a specific user in your domain, that all credentials map and you can use in external systems (for simplicity, I used the Authenticated Users group).
14. Click the OK button to return to the Secure Store landing page.
15. Check the check box of the target application you just created.
16. Click the Set icon in the Credentials section of the ribbon.
17. On the next page, provide the Windows username (DOMAIN\username) and password—this is the account that has access to your SQL store.
18. Click OK to set the credential.

You have created a target application ID and specified a domain account that has access to your SQL Server database; you then mapped that account to a group of users (all authenticated users in my case) that can use this credential to access the database. Now, you are ready to create your external content type.