UPN Authentication vs FAC Realms in Multidomain Setup
We have one customer company that has been running for some time using FAC to authenticate 2-factor users in an AD domain forest with about 20 sub-domains. We use realms which match the domain name for the users, like firstname.lastname@example.org or email@example.com and so on, to match the different domains.
Everything is fine with that, but for ease of use we would like to globally switch user logon information to using UPN names (where UPN = external email address). This would require me to de-configure realms on the FAC, and I am not sure how this would work, as using the "@" sign now defines which realm to use.
Can I skip all realms and just use global groups? Has anyone tried something like this yet?