When configuring ADFS in your own local the default login of any user authenticating into the environment would be email@example.com or something of that sort. At many times, especially when working with multiple applications, we would like the user to authenticate using different login credentials such as firstname.lastname@example.org. In order to implement this, we can add suffixes that gives us the ability to user a friendly logon name that is not the same as the domain or parent's domain name.
In order to add a domain suffix to a forest, we need to follow the instructions below:
- Log on to the domain controller, or a computer that has the different Active Directory Management Tools, and open Active Directory Domains and Trusts.
- When the application opens, right-click on the Active Directory Domain and Trusts in the Tree window pane, and select Properties from the pop-up menu.
- On the UPN Suffixes tab, type the new User Principal Name suffix that you would like to add to the existing forest.
- Click Add and click OK
After the domain suffixes have been added, new users that are added to the domain can select the UPN suffix to use.