There can be many reasons why users may receive authentication pop-ups. This article explains only one specific example.
When NTLM authentication for proxy authentication is employed, authentication pop-ups display when you change the Windows password by password policy.
Authentication pop-up box displayed when customer change the windows password by password policy.
A special application is used to change the Windows password, which causes the authentication pop-up.
1. To check authentication password: Change the authentication method for only basic credential (this option is just for troubleshooting so that you can confirm with a packet capture the actual password being sent from the browser).
2. BCAAA debug: see TECH241697
3. Take a packet capture (PCAP)
From PCAP: Windows client used an old password for Proxy authentication. If this is the case, the problem is not caused by the ProxySG but rather the client sending an incorrect password.