Hello, I recently implemented this very thing, actually integrated it with Authentication Proxy. Here are some settings to check:
1. External User Databases - Database Configuration - Windows Database - Configure
Make sure your domain is listed on moved to the Domain List section
2. External User Databases - Database Group Mappings - Windows Database - - Add Manual Mapping
Make sure you have the right AD group mapped to the internal ACS group, you can even set users* if you want to include all users.
3. External User Databses - Unknown User Policy
Check the "Check the following external user databases" radio dial and move Windows Database to Selected Databases
Check âThe database in which the user profile is heldâ radio dial in the Configure Enable Password Behaviour section
Hope that helps!