If you get a password prompt and don't see an entry in Access Tracker, it could be that the ClearPass service has too many filters, or you have not enabled the Windows Sign On that you probably tried to configure with the SSO settings. This is how your GPO should look like:
In 2, that is the validation that Tim mentioned, make sure the red-boxed entries are all set, however, change it to the name and CA of your own RADIUS certificate.Then in the 3rd window, tick that Windows should re-use the credentials that you logged in with.
Check this video to see what happens if you don't set the certificate validation.