Couple of points, most domain joined Windows computers will process user AND machine authentication into ClearPass. Using the tags/roles [User Authenticated] and [Machine Authenticated], you can then define that if BOTH exist, then send back the appropriate action/role/VLAN/etc...
For OS X, you can join them to the domain, or use an alternate method like:
1. Have a static host list for these MAC addresses
2. Add in an SQL auth source and use it as an Authorization source in the service to query the endpoint's MAC and if it exists, then take the same action like you would if Machine Auth were present
3. Use profiler and write a policy to say IF it's OS X AND some other attribute like Hostname CONTAINS <value>
4. Leverage MDM context IF you have one deployed for OS X
5. Create and tag these OSX machines with a custom attribute like "Corporate Owned" and then use the presence of that attribute to derive context