Office 365 migration with different AD but same domain for email and other considerations


Hi folks,

I have the following scenario and I'd love to hear your feedback. 

- The organization has two entities, let's say A and B
- Two domains. Entity A has @abc.com and entity B has @cde.com
- Both entities share the same domain for email only. So an A user and a B user would have A@abc.com and B@abc.com
- Every entity has its own AD. However, B users have two identities because entity A manages Exchange for the whole organization. So a B user would have an identity in entity A's AD (let's say B@abc.com, for email) and another identity in entity B's AD (B@cde.com, to sign in to corporate apps)
- Entity B already has an SSO solution (Apereo CAS) that they'd like to keep and manage themselves, for their users only

The customer needs to migrate to Office 365. My questions are:

- AD Connect recommended topology: how should we sync users? Should we use email as the UPN? (SSO would not work, because it requires different domains to distinguish users from A and B)
- If we add the two domains, abc.com and cde.com, can a B user log in with their AD credentials B@cde.com but have a different email address B@abc.com? There would be only a hybrid Exchange server, which is managed by entity A. What configuration could work?
- Other considerations

- I have attached a picture, if it helps. :)

1 Reply

- AD Connect recommended topology: how should we sync users? Should we use email as the UPN? (SSO would not work, because it requires different domains to distinguish users from A and B)

SSO will not work regardless, as UPNs need to exist and be authenticated in a single domain.

- If we add the two domains, abc.com and cde.com, can a B user log in with their AD credentials B@cde.com but have a different email address B@abc.com? There would be only a hybrid Exchange server, which is managed by entity A. What configuration could work?

Yes, that is fine, as you just add both domains to AADC. If the users' UPNs are different and there is a trust between the domains, then SSO will work.
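An added pre-migration audit, not code from the thread, that checks the two points the reply relies on: every UPN suffix in both forests must be a domain verified in the tenant, and the B users who exist in both forests (mail identity in A's AD, sign-in identity in B's AD) must be identifiable so AADC can merge them on the mail attribute. It assumes the RSAT ActiveDirectory module and uses placeholder domain controller names.

```powershell
# Added example (not from the post). Assumes RSAT ActiveDirectory is installed
# and that the account running it can read users in both forests.
Import-Module ActiveDirectory

# Constructed inputs: one DC per entity (placeholders) and the domains
# verified in the Office 365 tenant.
$Forests         = @{ 'A' = 'dc1.abc.local'; 'B' = 'dc1.cde.local' }
$VerifiedDomains = @('abc.com', 'cde.com')

function Get-UpnMailReport {
    param([hashtable]$Forests, [string[]]$VerifiedDomains)
    foreach ($entity in $Forests.Keys) {
        $users = Get-ADUser -Server $Forests[$entity] -Filter 'Enabled -eq $true' `
                            -Properties mail, userPrincipalName
        foreach ($u in $users) {
            $upnSuffix = ($u.UserPrincipalName -split '@')[-1]
            [pscustomobject]@{
                Entity         = $entity
                SamAccountName = $u.SamAccountName
                UPN            = $u.UserPrincipalName
                Mail           = $u.mail
                # A UPN suffix that is not verified in the tenant is replaced by
                # the onmicrosoft.com suffix on sync, so federated sign-in breaks.
                UpnRoutable    = $VerifiedDomains -contains $upnSuffix
                # Expected for B users (B@cde.com UPN, B@abc.com mail); harmless
                # as long as the UPN suffix itself is verified.
                MailDiffers    = ($u.mail) -and ($u.mail -ne $u.UserPrincipalName)
            }
        }
    }
}

$report = Get-UpnMailReport -Forests $Forests -VerifiedDomains $VerifiedDomains

# 1. Users whose UPN would not survive the sync with a routable suffix.
$report | Where-Object { -not $_.UpnRoutable } | Format-Table -AutoSize

# 2. The same mailbox present in both forests: these are the B users with two
#    identities. AADC must be set to match users across directories on the
#    mail attribute so they become one cloud object rather than duplicates.
$report | Where-Object { $_.Mail } | Group-Object Mail |
    Where-Object { $_.Count -gt 1 } | Select-Object Name, Count
```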