This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 77%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Currently the way our ADFS 4.0 on Windows 2019 datacenter is set up, users need to add @keyman .company.com to their username to be able to log in successfully.
We added (what I feel is a bandaid solution) a JavaScript that appends that qualifier so that user does not have to do this.
We have only one domain.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 11%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EME%3C/text%3E%3C/svg%3E)
You could try alternate login Id.
https://video2.skills-academy.com/en-us/windows-server/identity/ad-fs/operations/configuring-alternate-login-id
User can either type their username in the DOMAIN\Samaccountname format or the UPN format (the username@dnsdomainname). Or like Mark suggested, you can configure a custom attribute (although that custom attribute also need a something@something format).
The official way to have the user typing only one part is to go the JavaScript way. It's probably what you've done and it is described here. For the password update page, you can do the same thing. There is an example here.
You can also achieve SSO without having to prompt the user for anything. Like using certificates. Or if you are using ADFS for Azure AD integration (to use Office 365 for example), you can have SSO thanks to having a PRT on an AAD Joined Windows 10 or Hybrid AAD Joined Windows 10. Then you won't see a form. But if you are using ADFS for Azure AD, maybe you should reconsider using ADFS all together and use Azure AD Connect Seamless Sign-On instead.