Hello, I also have the same question, I can not find any doc online, Could you please help to show how to assign a role to users after split by their LDAP group?

1. In the workflow, edit the split and go to Filters & Restrictions > User-Based Filters>Group Name Pattern.  Add your LDAP group names to filter against, using a vertical bar to separate if more than one (i.e., Group1|Group2). This creates the split by LDAP group.

2. Create a Radius Attribute Group for each part of the split.  Go to Configuration > Policies > Add Radius Attribute Group.  Under Attributes you will see options, including VLAN ID and Filter ID. If you are using Ruckus AP's, you can assign the vlan directly. If using another vendor you may need to set a Filter ID instead.

3. Create a policy at Configuration > Policies > Add Policy that uses the attribute group.

4. Go to Certificate Authority > Manage Templates > Certificate templates and add or edit the template to be used for users in each part of that split. Under RADIUS Policies > RADIUS Policies > Actions click + Assign Policy and select the RADIUS policy you created in step 3.

5. Use this certificate template in your workflow under the appropriate split.

If you are using Ruckas AP's, you're done. If you are using another vendor, you will have to configure it to assign policies, etc. based on the filter id that Cloudpath returns.

thank you very much，I‘ll try that！