Are those users members of the same domain that ISE is joined to?
Have you tried having those users authenticate w/o the full domain using just their username, I suspect that it may work.
You could also have users put the @ sign (or other character) at the end of their username, and then create a rewrite rule based on [IDENTITY]@ that rewrites it as [IDENTITY].[DOMAIN] or whatever structure you need, requiring only an additional character from the user, but applying the rewrite to fulfill your needs.
HTH and please mark the solution you find.