The SA Admin Guide SSO chapter has some information on this.
You need to define the proxy at Resource Policies-> Web Proxy->Servers and create a Resouce Policies->Web Proxy->Policies for the resource to go via the proxy.
Basic Auth is supported, there is mention of the following caveat for NTLM:
The IVE supports web proxies that perform NTLM authentication. However,
the following case is not supported: a proxy exists between the IVE and the backend
server and the back-end server performs the NTLM authentication."