Single-SSID.
Major Caveat is that we can't have users redirected via user-role to the web page; they'll need to navigate to it from links off other means. The reason for this is that we're trying to check for business vs. personally owned devices, and in order to do the former approach, we'd have to have all the tens of authorization sources that would help delineate business|personal included with our standard 802.1X authentication. Given that we do 8 million auths a day, we can't afford to have all those sources hit that much.
Thus, we're looking to perform the lookup to delineate business|personal during the web-auth/pre-auth part of onboarding.
- Ryan -