You can add a “change of authorization” field to the mac_create form and when the user Submits the form, it will automatically execute a CoA and use the device disconnect service (you will need to copy the service to make any modifications).
In the enforcement policy of device disconnect service , you can can add the custom endpoint attribute
Thank you
Victor Fabian
Pardon typos sent from Mobile