There is no benefit to using a load balancer between a ProxySG appliance and BCAAA servers.
Each authentication realm establishes a single connection to its primary BCAAA server when the system boots, and never changes it (except for configuration changes, at which point the old connection is dropped and a new one created). Except for fleeting moments during policy changes and configuration changes, there is only one active BCAAA connection per authentication realm.
Approaches based on spreading connections to different servers will appear to work, but in reality all the traffic will be going to the server that was chosen when the realm initialized and the other servers will be idle. So there is no benefit to using a load balancer between the BCAAA servers.