You can allow students to manage their headless devices ( chromecast, roku, etc..) using the guest device repository and limit the registration in there.
For 802.1X capable devices those will be automatically added to the endpoint DB and if you want to get fancy you can add a custom attribute in the endpoint DB when a successful authentication happens.
It is doable to present the captive portal after a successful 802.1X Auth but the user experience will be horrible (double Auth )
Pardon typos sent from Mobile