Aside from the Active Directory functional level requirements previously mentioned, the user principal name (UPN) configuration might also need to be adjusted in preparation for SSO. Following are the requirements for a UPN to be used with SSO:
• The UPN suffix configured for each Lync Online user must be identical to the domain that will be enabled for SSO with Lync Online.
• The UPN suffix must be a publicly registered domain.
• A UPN used with SSO can contain only letters, numbers, periods, dashes, and underscores.
With many Active Directory deployments, the UPN suffix for users matches the Active Directory DNS domain, and for this reason it is typically a private domain name that registered only on ...