So all employees are using BYOD devices?
If you need to decide which devices are allowed in. You could make a record of the MAC address for all the allowed devices to your whitelist and then enter them into your Controller. Another sollution, if you are for example only accepting PC's and you have a Windows Certificate server, you can install certificates on the users laptops and use that for 802.1x authentication