Now we can add the new domain to the tenant in the Office 365 Portal. With the UPN suffix added, verify the respective users that need to logon using the new UPN have this set for their Active Directory user account. So first off, you should install update 2 on all ADFS Proxy and ADFS servers in your environment following by making sure the new logon domain you wish to use has been added to the UPN suffix list in your Active Directory. The good thing is that with Update 1 or later for ADFS 2.0 RTW, we now have support for multiple UPNs per ADFS federation farm and in this post, I’ll walk you through how you introduce support for an additional UPN in your existing ADFS deployment. This meant that the enterprise had to deploy 2 x ADFS Proxy and 2 x ADFS servers per UPN that needed to be supported! So 8 servers would be required in order to support 2 UPNs! Yes I agree, you could go with 1 x ADFS Proxy and 1 x ADFS server per UPN but would you really like to introduce a single point of failure like that nowadays? That’s what I thought. So prior to Update 1 (note update 2 is out now and is the one you should use) for ADFS 2.0 RTW, enterprises that implemented ADFS based identity federation with Office 365 was required to deploy an ADFS federation farm per user principal name (UPN) that needed to authenticate against an Office 365 service.
