• Status: Open
  • Priority: Low
  • Security: Public
  • Views: 33
  • Last Modified:

Configuring ADFS with Multiple UPN Suffixes

HI, i am configuring an ADFS 4.0 server with an additional WAP Proxy Server to allow SSO with things such as facebook workplace and Egress Switch

we have  our primary domain which is company-A.com and a load of additional UPN suffixes which users can be configured with for  example companyb.net, companyc.org and anycompany.com.

the FQDN of the ADFS box will be


do we need to have a Multi-domain SAN certificate configured to allow external 3rd party applications such as office365, or facebook workspace to be able to authenticate users with usernames that contain one of the other UPN suffixes. or do we simply need a single domain certificate for adfs.company-a.com


Andy Doe
Andy Doe
1 Comment
for O365, you don't need SAN certificate, your adfs single hostname cert will work though you have multiple domains

If you wanted to publish Apps with different domain names through your web proxy server, you need cert with app URL FQDN and that must be installed on adfs proxy server
Infact no matter you have app published with same domain name as adfs, still you need to install app URL certificate on web application proxy server

Join & Write a Comment

Featured Post

WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now