As per subject,
If a device is carrying organisation certificate or CPPM OnBoard certificate and attempt to associate to a GUEST SSID (where security is less, say on Internet traffic, not behind organisation content filter, etc) can one force them to associate to CORP SSID ?