Yes, that is possible, you have to configure MAC Auth in the AAA Profile.
Clients will get the MAC authentication default role if they pass 802.1x authentication AND mac authentication. If they do not pass MAC authentication, they will not be allowed to connect.
In the AAA profile if you enable "layer 2 failthrough", devices that pass 802.1x authentication, but fail MAC authentication will still get the default 802.1x role in the AAA profile and be able to pass traffic.
But why would you do MAC auth before 802.1X?
To get a more secured MAC auth I would lead with Tools like ClearPass which is doing Fingerprinting to prevent MAC spoofing.