I have kerberos authentication method added and working to our default_access_policy_set.  We have a multi-domain Active Directory environment, so when internal users go to the workspace FQDN, they must select a domain from the drop-down menu and click the Next button, and then kerberos logs them in automatically.  If the user mistakenly selects the wrong account domain, the next page shows "Access Denied. You do not have access to this service..." and there is no way to go back and select the correct domain.  I am able to easily clear the browser cache to allow the user to select a different domain, but why can't we just use UPN for login and skip domain selection drop-down?  Has anyone been able to get around the select domain requirement for user login?

I would like to get rid of the domain selection process and just allow the user to enter their userPrincipalName to log in.  The system should automatically be able to authenticate their domain credentials from just the UPN.  I haven't been able to get that to work with AD authentication and kerberos single-sign on, though.