Users trying to surf the web via WCG, get a user/pass prompt when transparent authentication is configured
There are a lot of prerequisites for IWA to work properly. Once of which requires the client and proxy to be in the same domain. For some reason when using FQDN as the proxy configuration, the system doesn't recognize the WCG as part of its own domain or intranet, and therefore doesn't allow it to use SSO.
To solve the issue, you will need to add the WCG FQDN to the Intranet site list.