<taken from a previous post of mine>
Because you are using NPS you have limited options, but you do have one. You'll need to setup two Radius server definitions and server groups. They will both point to the same NPS server and use the same shared secret. However, for each server definition, define a unique "NAS ID", for example SSID-A and SSID-B. Then setup your AAA profiles to use the respective server group. Last, setup two NPS policies, one for SSID A authentication and one for SSID B authentication and the appropriate returned attributes. In the conditions, make sure you have the NAS Identifier in there to differentiate the requests as well as AD group memberships.
For example:
aaa authentication-server radius "NPS-SSID-A"
nas-identifier "SSID-A"
aaa authentication-server radius "NPS-SSID-B"
nas-identifier "SSID-B"
Just an FYI:
NPS doesn't support it, but ClearPass could use the Aruba-ESSID-Name atribute that is passed during the authentication attempt.