Graded VPN Access on SSL VPN

We are working to deploy multiple VPN gateways (a mix of different Fortigate Firewall models) for access our network such that users can VPN (using Forticlient) directly to their local/primary office from their company PC. For personal PCs, we have a single Juniper gateway at our central data center that works to varying degrees.

Ideally, we want to replace the Juniper with the Fortigate VPN (using Windows Remote Desktop on the endpoints), but have the access level restricted based on if the VPN endpoint is a company PC (grated full access) or a non-company device (restricted to RDP to local office workstations). Originally wanted to specify two different listening ports (proprietary port used for the company PCs since we can manage the Forticlient config), but the Fortigate appears to only support one listening portal with different user realms as methods of differentiating access. Main problem: Our users are all in the same LDAP realm.

Main question: What options are available that work well that permit using the same username/password for both VPNing through a company PC as well a personal PC with different degrees of access?