You have to exclude the range of non-domain user to not asking authentication.
That's it. it will work 100% and no matter of browser.
i can not exclude the non domain user.
if they want to connect internet they need an authentication (NTLM) for which group they are mapped to.
if they are HR group, they only connect to URL with criteria Professional networking and job career.
Chrome does not allow storing the credentials for the Proxy Server. There is an extension for Chrome which does this job.
As an alternative you could implement "authentication server" authentication for users who are not part of the domain. This allows MWG to "cache" credentials for a certain amount of time and will reduce the number of popups non-domain users may see.