You can use MAB with Endpoint Groups, for example: the devices that connected to SSID1 input in Endpoint Group 01 and you can configure a policy authorization with this group on the condition and the dynamic VLAN in result
Bajo Work Centers >> Guest Access >> Identities >> Identity Sources Sequences edita el que este aplicado en el portal que mencionas agregando el AD como una opcion de almacen de identidad en "Authentication Search List"