Hi Wasfi,
Unified Agent can provide the authenticated user information to the WSS when connecting to a Data Pod. You won't be needing a Captive Portal Option for authentication if the logged user the correct one. For group based rules to work, an Auth Connector connected (or able to connect to) to the same Data Pod will be needed.
The option of captive portal over UA is needed if the logged user is different from the company one. i.e. You are having installed UA on your home machine which is not part of the company domain. In such a scenario, the logged in user is not part of the company. So enabling the Captive portal option for UA, will make it to ask for the username/password to authenticate during the tunnel creation. If this is not the case, then there is no need for enabling Captive portal for UA