The ProxySG appliance uses sequence realms to allow for authentication within mixed environments.
The goal is to allow a user to provide a single set of credentials from whatever Authentication/Authorization Server they are using (Active Directory, Radius, Novell NetWare, etc) and the ProxySG will automatically check the credentials against each realm it has configured until it finds the one that can accept those credentials.
What a sequence realm does not provide is failover.
If a realm listed in the sequence has a server or other failure, the sequence realm will not move on to the next realm in the list, but will instead send an exception to the user, and authentication will fail.
Also note that you can only add one IWA Realm to a Sequence Realm.
If authentication failover is required within the ProxySG environment, then, in the case of IWA for example, multiple Domain Controllers should be pointed to, using multiple BCAAA Agents.