Hello Faadi,
Onboarding is basically for the employee's personal device, which are not domain joined, where IT cannot control them. employee will do onboard to there personal device, so they can do 802.1x, either eap mschap v2 or eap TLS.
Guest users typically do, captive portal and as they do not need internal access and also they do not need to go through the complex process of onboarding, just for connecting once or twice, when they are visiting.
hope this helps..
--