Firefox, so far as I know, usually have to set at least the network.negotiate-auth.trusted-uris and possibly the network.negotiate-auth.delegation-uris (go to about:config to find them and search explicitly or just type in "uris" to pull them all up).
E.g.,
network.negotiate-auth.delegation-uris = my.domain.com, myother.domain2.com
network.negotiate-auth.trusted-uris = my.domain.com, myother.domain2.com
What one of our groups did was create a simple little Firefox configuration extension. That's deployed by default with all managed workstations; or users can also download as well and install manually. This will set the organization required values for those settings and things like making sure the trusted cert list is proper / download new ones if needed.