I have kinda this setup for my office, where we are 3 departments using the same SSID.
But they get assigned different VLAN’s depending on which AD group they are in.
Can you give any more info on where you are stuck or what is not working?
Set 802.1X security on the WLAN
Under AAA Servers input the IP-address of your Windows NPS server, with the right secret and port.
On the Windows NPS server follow the guide you have posted, and you should be able to create an access policy which grants access based on the AD Groups you selectd.
To restrict “admin” AD group to “admin” SSID and vice versa, you must also add this condition in the network policy:
Select “Called Station ID” as the condition type and click on “Add.”
In the “Called Station ID” dialog box, enter the SSID of the “admin” network. For example, if the SSID is “admin”, you would enter “admin” in the “Pattern” field. Select “Exact match” from the “Pattern Matching” dropdown.