I have a feeling you might need three quarantine rules in NAC, one for each group, so that the user gets placed into the correct VLAN, if you want to go down that path with a combined SSID. You will then need to have the NAC policy mapping of your quarantine policy role to three policies with the VLAN for each group. Finally, change the VNS Global/Authentication/RFC 3850 options to be Both RADIUS Filter-ID and Tunnel-Private-Group-ID attributes. NB: This is theoretical, although I do have the RFC 3850 option set to both in my environment.
Having said that, we also have Casper integrated via OFConnect for our iPads (we were the first customer actually), and I would be rather wary of having a single SSID if you're going to use AirPlay or other Bonjour services, as multicast traffic will be seen by clients in all VLANs which caused some problems. One possible solution could be to use the feature that lets you bridge Bonjour to a separate VLAN and use the same one for all, but we separated our SSIDs back into staff and students. This had further benefits in restricting students to only joining devices in Casper to our wifi which would have been more complicated with a single SSID. Obviously there is a performance degradation in having more SSIDs, so you should test it and see.
I believe the downside of a quarantine VLAN is the client not changing their IP if you have a long DHCP lease time, but that's less of an issue for Casper assessment since it'll happen immediately on join, rather than when the NAC agent relays the assessment result to the NAC assessment server. Also IIRC the client will be fully deauthed rather than have a RADIUS CoA request sent to the EWC's DAS port, as I don't think that feature request has been implemented yet. So it's not an issue at all really. Except that iPads will stop joining the wifi if you send too many deauths in a short period of time, which is one reason why, despite having asked for that assessment feature, we actually manage it by having a group in Casper and just chasing up the students directly when they haven't checked in recently.
I'm happy to discuss any further Casper/NAC/EWC questions you have here or offline too.