Simple... if you want to have 3 SSID's, your create a new SSID and name the profile EMP-M and set the SSID to EMP-M. Then configure your WLAN SSID settings which would be WPA2/AES with 802.1x. Create your seconds WLAN and anme the profile EMP-G and set the SSID to EMP-G. Then configure your WLAN SSID settings which would be WPA2/AES with 802.1x. Create your third SSID and name the profile EMP-T and set the SSID to EMP-T. Then configure your WLAN SSID settings which would be WPA2/AES with 802.1x.
The lookup to what users belong or can authenticate to what authentication protocol is defined in your ISE. Your WLC will be a AAA client in ISE and you will define the ISE as a radius server and point each of the WLAN to use ISE for radius. Your ISE policy in order to differentiate the different SSID's, you will need to have three differnt policies and use the following to specifiy only from this SSID:
Hope this helps.... now you just have to figure out your vaious ISE policies.
You first need to understand what you want to do, which includes if you want to profile, posture, etc. That is where you have to understand what you can do and what you want to do. If its basic, take a look at this video and then when you create your polices, you can specify the .*SSID to differentiate the SSID's, of course you will have three polices just for the wireless.