You can either use mac authentication on that SSID (valid mac addresses are assigned a role that does not force captive portal login) or use user derived rules that are based on mac addresses that assign a similar role. The first option is more scalable, but either one depends on the mac address of the device to be known in order to assign an alternate role to bypass the captive portal page.