in regards to the transparent authentication I took a quick look into the thread and it looks like what you need. Can you let us know how you identified that each request is authenticated? This would allow us to better understand.
You can turn off SSL Scanning and Gateway AntiMalware for sure. I think you may want to keep a "Set Client Context with CA" somewhere in the beginning of your rule set. Otherwise you will not be able to see block pages if Web Gateway decided to block something based on HTTPS. Additionally you may want to make sure that "Transparent Common Name Handling" and "Serve Transparent SSL Connections" are set to true.
This will allow MWG to also get URLs from HTTPS requests in transparent modes. You need the "Set Client Context with CA" Event to give MWG a CA to sign blocked requests with. If you access https://www.blockedsite.com and do not have that Event enabled before, MWG will respond with a plain-text block page. Browsers to not like that very much and give very funny error messages, such as "Proxy refused the connection" or other error messages.