If a user account has a different name in the on-prem AD vs. Entra ID (Azure), authentication will fail if the standard process for setting up ADFS with Entra ID (KB 322179) is followed.
For example, if the user's UPN is "[email protected]" but the sAMAccountName for the user is "domain2\user", authentication will fail.
This is expected behavior as using an account where the UPN and sAMAccountName differ is not a supported configuration.
Although this configuration is not supported, it is possible to work around the issue by creating custom UPN claim rules. Please note that this configuration is outside of Broadcom support scope; further assistance can be pursued through AD administrators or Microsoft support.
Community Article: https://community.broadcom.com/vmware-cloud-foundation/discussion/adfs-authentication-issue-with-alternative-upn-domain