The only supported 802.1X method directly off of Google Apps would be EAP-TTLS and would require a proxy to a Free RADIUS server running an Oauth2 authenticator. EAP-TTLS also requires significant client configuration cross platforms.
The recommendation would be EAP-TLS using Onboard. The users would authenticate with their Google Apps credentials on the web portal during Onboarding.
If you don't want to use Onboard, your only option for direct Google Apps authentication would be web authentication with MAC-caching.
If you have the user accounts synced to a local directory server (AD/LDAP), you can leverage EAP-PEAP or EAP-TTLS. Both of which would be considered fairly insecure in an unmanaged environment.