Assuming you have ISE mapped to AD, setup a certificate authentication profile that you reference in your policy sets:
Administration->Identity Management->External Identity Sources->AD
Here you can create a new profile to use your AD source, and configure to use your UPN
I believe what you are looking for is Subject Alternative Name. Double check in your cert details to confirm.
HTH!