Is this for a 802.1x or something else, like a splash page?
802.1x does not have access to anything prior to authentication, in any environment, Meraki or otherwise. You have to authenticate just to get an IP address.
If this is some kind of splash page setup, you would have default global rules allowing access to AD/DNS, and then have the user authenticate, and then push a group policy with the new group policy to use with the new access rules.
It's not clear to me what method you are using, but perhaps these Meraki guides might be of help (the first is using MAC bypass, the second is using WPA2-Enterprise mode):
https://documentation.meraki.com/MR/Encryption_and_Authentication/CWA_-_Central_Web_Authentication_w...
https://documentation.meraki.com/MR/Encryption_and_Authentication/Device_Posturing_using_Cisco_ISE