You can create a role mapping based on the Aruba attribute Aruba-AP-Group:
Aruba : Aruba-AP-Group : ClearPass TIPS Role (Building Name / AP-GROUP)
And then on your enforcement policy you can use that in your logic:
- Tips > role equals ClearPass TIPS Role (Building Name / AP-GROUP)
- Authentication > Full-Username equals Generic Account