When you enter firstname.lastname@example.org it gets directed to ADFS - the domain part here is only used for that.
In ADFS you need to use your internal username email@example.com because the authentication is performed against your on-premises AD.
If you haven't manually configured it otherwise, ADFS sends userprincipalname firstname.lastname@example.org to Office 365. However, this doesn't matter, because Office 365 is using only the ImmutableId attribute to identify users, so no need to change claim issuance rules.
So, if you're having the error in phase 2, just use the email@example.com to log in.