When you configure single
sign-on and users log on by using the user principal name (UPN) with a format
email@example.com, by default single sign-on fails and
users must authenticate two times. If you need to use this format for user
logon, modify the LDAP authentication policy to accept this form of user name.