Secure Store Service
Last modified: July 16, 2010
Applies to: SharePoint Server 2010
The Secure Store Service replaces the Microsoft Office SharePoint Server 2007 Single Sign On feature. Secure Store Service is a shared service that provides storage and mapping of credentials such as account names and passwords. It enables you to securely store data that provides credentials required for connecting to external systems and associating those credentials to a specific identity or group of identities. It is very common for solutions to try to authenticate to an external system in which the current user is known differently or has a different account for authentication. In such cases, Secure Store Service can be used to store and map user credentials required by the external system. You can configure Secure Store Service so that multiple users can access an external system by using a single set of credentials on that external system.
For example, if a user named Fred has one account on the server that is running SharePoint Server and another in a CRM application, the Secure Store mechanism enables his CRM credentials to be stored with his user profile in SharePoint Server. As a result, if he uses a Microsoft Business Connectivity Services (BCS) solution in SharePoint Server to obtain data from the CRM application, SharePoint Server looks up the Secure Store Service database on the server and provides his credentials to CRM. In in this manner, Fred automatically logs on to the CRM application without having to log onto the CRM application separately.
To provide similar functionality on Microsoft Office clients, Business Connectivity Services provides a Secure Store provider that uses the Windows Credential Store.
In addition, SharePoint Server enhances the Secure Store Service functionality to include a pluggable secure store mechanism that enables you to use alternate secure store providers.
To learn more about the Secure Store Service, see How to: Use Secure Store Service to Connect to an External System and How to: Use Credentials from the Secure Store Service to Connect to the External System. For more information about how to configure the Secure Store Service, see Configure the Secure Store Service (SharePoint Server 2010) and Business Connectivity Services security overview (SharePoint Server 2010).