Active Directory Properties Stored by CLICK

CLICK requires visibility into Active Directory to function. We understand the sensitive nature of this data and maintain the highest standards around capturing and accessing it.

The tables below detail the minimum (and default) set of properties that CLICK captures from Active Directory objects. Some advanced use cases may require configuring the CLICK AD Gateway to include additional properties. This can be done by modifying the AdExtraAttributes parameter in the AD Gateway Stack Parameters.

Active Directory Users

Property	Used For
`objectGUID`	Uniquely identifying Users
`displayName`	Display
`distinguishedName`	Display
`userPrincipalName`	Linking authentication information with the User
`sAMAccountName`	WorkSpace provisioning requests and linking Users to their WorkSpaces
`userAccountControl`	Determining if a user is enabled or disabled (The CLICK AD Gateway does not send the full value, only a boolean to indicate enabled/disabled)
`memberOf`	Determining Group and OU memberships
`mail`	E-mail correspondence with the User

Active Directory Security Groups

Property	Used For
`objectGUID`	Uniquely identifying Groups
`distinguishedName`	Display, identifying AppStream groups
`name`	Display

Active Directory Organizational Units (OUs)

Property	Used For
`objectGUID`	Uniquely identifying OUs
`distinguishedName`	Uniquely identifying OUs
`name`	Display