identitymanager
There are different ways one could accomplish this.
Option-1 : You could embed the code logic on the loginpage to append @abc.com before posting the creds to login.fcc.
Option-2 : Use SMWALKER as an authentication scheme WEDGE to manipulate / modify before doing a user disambiguation. Inorder to use SMWALKER you'll need to reach out to your Account Manager and procure the necessary Global Delivery Support / Licensing agreements.
Option-3 : Try to define within the Authentication Scheme Effective Lookup, just like you mentioned. I personally haven't tried this, however a few trial & error should suggest this would work OR not. PROS, this would be very simple. CONS, it does not provide you any dynamic e.g. if there are users with @xyz what then (whereas the above 2 approaches does offer some flexibility)? Hence I would evaluate this solution based on longer term business needs rather than short term goals.
Regards
Hubert