I'm not sure if Netflow can do this as a proxy is involved, not a limitation with NTA but Netflow, somebody on here may know more though.
You could also try some products or tools that simply use raw traffic, no flow enabled devices required, and 'sniff' at the right side of the proxy.
For example configure a SPAN port to monitor traffic to/from the proxy from your LAN, you will get all the information you need.
We have a network activity and IT security monitoring tool, the LANGuardian which also integrates nicely with NPM and other Solarwinds modules.
Because it look inside the packet contents, it will give richer, readable detail and you can track activity, events by IP address or user name.
You can download a trial from our site or access a live demo system here: