The better approach is to have your RADIUS server correctly authenticate users based on the SSID. The SSID is sent to the RADIUS server as the Called-Station-ID.
If you can't get your RADIUS server to support this use case, here's an alternate approach. I will admit that this approach is a bit clunky, but you're only trying to make this work for one person.
1. Set the BOSS ssid to use a Splash page and use Meraki authentication. I would also set the captive portal strength to block all access.
2. Create a group policy and set it to bypass the splash page.
3. Assign the new group policy to each device belonging to the boss. I suggest using the per-SSID group policy assignment so that you only assign this policy on the special SSID.
Other devices will be able to connect to the BOSS ssid, but they will only get the splash page and they won't have a Meraki user to login.
That should be enough to make this work. I guess some people need to be more equal than others.