Ok so if you are using transparent mode you should have no proxy settings in the the Mac (or a PC for that matter) thats how transparent works.
For Mac AD authentication you really need to be using standard proxy mode as you need Kerberos and I dont think this works with transparent mode, never got it to work but then I haven't tried that hard;-)
All the guides for SSO use Standard Mode
http://fastvue.co/sophos/blog/sophos-utm-and-active-directory-step-by-step-integration-guide/
So thats what I have always used. I know that introduces some complexity...You can enable device specificauthentication and make Macs use Browser which is easy enough but if you have things like Office 365 it stops Outlook connecting to MS unless you make exceptions for the traffic and then all your other Mac apps that need internet connection will need...
