There are two parts to this:
First you must create the policies on IAS. It should read something like: if users belong to group_A, then return value of group_A for your attribute (attribute == class in you example below). You would continue to define additional rules for the rest of your groups.
On the controller side, you perform a mapping that says, if attribute / value pair is class == group_A, then assign Role_A.
** If you leverage VSA, then you can save a step and not have to define the radius server rules on the controller. The value coming back on the VSA must match the name of the role.
** I indicate role in my example because you vlan is a component of the role and you also have the option to define an acl along with it.
-michael