This is possible, but there are some considerations. Does each user have a client cert and the MWG needs to provide a different cert based on the user? Or is this a generic cert provided to your organization? Is the client cert requested immediately or later in the connection?
I dont have a client cert auth web site to test with right now, but I believe the below screenshot is what is required.
Inside the Enable SSL Client Certificate Handling settings (Test Client Cert), here is what my settings look like. I just imported a web cert, but the concept is the same. My settings always use a specific certificate (for the case of an organization cert). But if you have user based certs, then you'd use the option for "Use client cert from known client certificate list, if client has proven ownership". You'd then have to preload the MWG with all the certs, but based on your description this sounds like an organization cert.