If a user account has a different name in the on-prem AD vs. Entra ID (Azure), authentication will fail if the standard process for setting up ADFS with Entra ID (KB 322179) is followed.

i.e. if the user's UPN is "[email protected]" but the sAMAccountName for the user is "domain2\user", authentication will fail.

This is expected behavior as using an account where the UPN and sAMAccountName differ is not a supported configuration.

While this configuration is not supported as configured, it is possible to work around the issue by creating custom UPN Claim Rules.  Note that this is not something which Broadcom Support will assist with configuring as it is outside the scope of support for our products.  Configuring custom ADFS Rules is your responsibility to understand and implement.  There are some resources online that cover the basics of what needs to be done, however if you need further assistance you will need to work with your AD team or reach out to Microsoft for support with the configuration process.

Community Article: https://community.broadcom.com/vmware-cloud-foundation/discussion/adfs-authentication-issue-with-alternative-upn-domain