Sorry,
After i posted this - i found that we although the default profile was set as transparent we had a separate profile for SSO that was using standard mode.
By default, the mac wasn't authenticating although we were using Kerberos.
I had to add in a device based policy and set the Mac devices to None
When i restarted i was prompted regarding adding 2 items to the keychain (didnt state exactly what they were), I allowed and now I am blocked for sites that I should be.
Doesnt work as smoothly as I hoped but for the few mac's that we use. It should be OK.