Active Directory Properties Stored by CLICK

CLICK requires visibility into Active Directory to function. We understand the sensitive nature of this data and maintain the highest standards around capturing and accessing it.

The tables below detail the minimum (and default) set of properties that CLICK captures from Active Directory objects. Some advanced use cases may require configuring the CLICK AD Gateway to include additional properties. This can be done by modifying the AdExtraAttributes parameter in the AD Gateway Stack Parameters.

Active Directory Users

Property

Used For

objectGUID

Uniquely identifying Users

displayName

Display

distinguishedName

Display

userPrincipalName

Linking authentication information with the User

sAMAccountName

WorkSpace provisioning requests and linking Users to their WorkSpaces

userAccountControl

Determining if a user is enabled or disabled (The CLICK AD Gateway does not send the full value, only a boolean to indicate enabled/disabled)

memberOf

Determining Group and OU memberships

mail

E-mail correspondence with the User

Active Directory Security Groups

Property

Used For

objectGUID

Uniquely identifying Groups

distinguishedName

Display, identifying AppStream groups

name

Display

Active Directory Organizational Units (OUs)

Property

Used For

objectGUID

Uniquely identifying OUs

distinguishedName

Uniquely identifying OUs

name

Display