Android devices will have issues with authentication as they are not on the domain. One solution, noted in 000008688 is to use form-based authentication to challege users to enter their domain credentials. However, some companies would prefer to simply bypass authentication for these users altogether.

1) In your Web Authentication Layer add a new rule and move it to the very top, making it rule #1.

2) Right Click Source-->Set-->New-->Request Header

3) Under the Header Name select User Agent

4) Under Header Regex enter Android

5) Click Ok then Ok again

6) Right Click Action-->Set-->Select Do Not Authenticate and click Ok

7) Install Policy

Now Android devices will not be challenged to authenticate. Note that because these users are not authenticated, controlling the sites and categories these users can access can't be done by username or group. Rather, you can install web access layer rules based on a combined source of 'unauthenticated user' and the header regex entry you created for the preceding rule.