Secure Store Service – until now it has always confused me how it works and why it's used. I was reading about BCS in SharePoint and SSS came up in front of me again – let me attack the actual concept to clear up my confusion about it!!! 😛
Generally, SharePoint uses SSS with BCS when there is a need to access external business data. Let's take the example of SharePoint Online and an external data source (business applications, partner resources, a SQL Server database, a web service, etc.) as shown below:
The username and password used to access the external data may not be the same as the username and password used to access SharePoint Online.
When a user with valid SharePoint credentials accesses a SharePoint Online page that displays information from the external data source, SharePoint must make a separate request to get that information from the external data source.
That separate request must be made with credentials that are known to the external data source; only then can SharePoint display the information from the external data source on the page.
From the above diagram and explanation, it is clear that the Secure Store Service stores the credentials for the external data system.
Additionally, the Secure Store Service is designed to create a background mapping between a SharePoint user group and a single user known to the external data system.
To summarize, when the Secure Store Service is properly configured, the following happens:
- A user authenticates to SharePoint Online with valid credentials.
- Inside SharePoint Online, the Secure Store Service uses the mapped credentials known to the external data source on behalf of the authenticated user.
Another benefit of the Secure Store Service is that it eliminates authentication prompts for users. When users navigate to SharePoint Online pages that access an external data source, the Secure Store Service is active in the background, checking user rights and providing the mapped credentials to the external data source when appropriate. This allows users to access the required data without being prompted to enter usernames and passwords specific to the external data source.
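A small Python model of the flow described above, added here as an illustration and not taken from SharePoint or its API: a group of SharePoint users maps to one external account, and a user outside the group gets nothing. The class names, user names, the `crm-readers` ID and the `svc_crm_reader` account are all constructed; because the external system only ever sees the mapped account, the model keeps its own per-user audit list.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ExternalCredential:
    username: str
    password: str

@dataclass(frozen=True)
class TargetApplication:
    """One store entry: a SharePoint group mapped to a single external account."""
    app_id: str
    members: frozenset
    credential: ExternalCredential

@dataclass
class SecureStoreModel:
    apps: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def register(self, app):
        self.apps[app.app_id] = app

    def resolve(self, sharepoint_user, app_id):
        """Return the mapped credential only for group members; otherwise None."""
        app = self.apps.get(app_id)
        allowed = app is not None and sharepoint_user in app.members
        # Record who asked: the external system will not know.
        self.audit.append((sharepoint_user, app_id, "granted" if allowed else "denied"))
        return app.credential if allowed else None

def fetch_external_rows(store, sharepoint_user, app_id):
    """Separate request to the external source, made with the mapped account."""
    cred = store.resolve(sharepoint_user, app_id)
    if cred is None:
        return None  # fail closed: no mapping, no request
    return {"seen_by_external_system": cred.username, "rows": ["order-1001", "order-1002"]}

def demo():
    store = SecureStoreModel()
    store.register(TargetApplication(
        "crm-readers",  # constructed application ID
        frozenset({"alice@contoso.example", "bob@contoso.example"}),
        ExternalCredential("svc_crm_reader", "constructed-placeholder")))
    users = ("alice@contoso.example", "bob@contoso.example", "carol@contoso.example")
    return {u: fetch_external_rows(store, u, "crm-readers") for u in users}, store.audit

if __name__ == "__main__":
    results, audit = demo()
    for user, result in results.items():
        print(user, "->", result)
    print(audit)
```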
I can take a break now 😉
Enjoy SharePoint Run!