medicalgmbh
New Member
February 3, 2025
Question

SSID authentication via Radius Server on FortiOS 7.2.10 / FortiGate 80F


Hello all,

Is there any documentation or best practice on how to set up a Wi-Fi SSID with AD authentication via a Windows NPS server from scratch?
At the moment our company uses MAC filter based via WPA2-Personal, but I want to change it to authentication through AD via a RADIUS server. Best would be WPA3 Enterprise, I guess. I set up the NPS server, applied the network policy and connection request policies, set up the AD groups, added them to the network policy, and created the RADIUS client on the Forti (and NPS server ofc). The connection between Forti and RADIUS is successful and my user credentials are also working, but when I set up the SSID and add it to my network interface, the client says connection is not possible.
I mainly used this technical tip: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-FortiGate-and-Microsoft-NPS-Radius/ta-p/213024

and also this
https://docs.fortinet.com/document/fortiap/7.4.4/fortiwifi-and-fortiap-configuration-guide/961597/configuring-user-authentication 

But I think in some config I'm doing something wrong.
The network interface on my FortiGate 80F is a software switch with IP/netmask 192.168.5.254/23 and I want the clients to get an IP from this range. This works perfectly fine with our main Wi-Fi atm.
Has anyone any helpful links or even an idea what could possibly be wrong?

This is atm mainly a test to see if everything works, to roll out via FortiManager afterwards.
Thank you in advance :)

2 replies

ebilcari
Staff
February 3, 2025

I suppose you are trying to implement EAP-PEAP. Firstly, make sure that the supplicant on the end host is configured correctly. Doing the configuration from Control Panel will show all the available options, certificates and credentials (this example is for EAP-TLS but the options are similar).

A packet capture of RADIUS traffic while trying to log in from the end host will give more details for the request/response: Network > Diagnostics > Filters [Port: 1812].

You can also refer to this article for troubleshooting the authentication part from the FGT side.

Emirjon
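
An added example, not part of the reply above or of Fortinet's documentation: a minimal Python decoder for the RADIUS payloads (UDP 1812) that such a capture yields, reporting the RADIUS code and the EAP method in play, including a client Nak that signals a method mismatch. The function names and the sample packets are constructed for illustration; extracting payloads from the capture file is assumed to happen elsewhere.

```python
import struct

RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}

def parse_eap(eap: bytes) -> dict:
    """Decode the EAP header (RFC 3748); for a Nak, list the methods the client asks for."""
    info = {"code": EAP_CODES.get(eap[0], str(eap[0])), "type": None, "nak_wants": []}
    if eap[0] in (1, 2) and len(eap) >= 5:  # only Request/Response carry a Type byte
        info["type"] = EAP_TYPES.get(eap[4], str(eap[4]))
        if eap[4] == 3:
            end = int.from_bytes(eap[2:4], "big")  # EAP Length field
            info["nak_wants"] = [EAP_TYPES.get(t, str(t)) for t in eap[5:end]]
    return info

def parse_radius(payload: bytes) -> dict:
    """Decode one RADIUS UDP payload (RFC 2865) plus the EAP packet it carries (RFC 3579)."""
    if len(payload) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if not 20 <= length <= len(payload):
        raise ValueError("RADIUS length field does not fit the payload")
    out = {"code": RADIUS_CODES.get(code, str(code)), "id": ident, "user": None, "eap": None}
    eap, pos = b"", 20
    while pos < length:
        alen = payload[pos + 1] if pos + 1 < length else 0
        if alen < 2 or pos + alen > length:
            raise ValueError(f"malformed attribute at offset {pos}")
        atype, value = payload[pos], payload[pos + 2:pos + alen]
        if atype == 1:  # User-Name (outer identity)
            out["user"] = value.decode("utf-8", "replace")
        elif atype == 79:  # EAP-Message: long EAP packets are split across attributes
            eap += value
        pos += alen
    if len(eap) >= 4:
        out["eap"] = parse_eap(eap)
    return out

def build(code: int, ident: int, attrs: list) -> bytes:
    """Build a constructed sample packet (zeroed authenticator, not real capture data)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body

# Constructed: the server offers PEAP; the client's relayed reply is a Nak asking for EAP-TLS.
CHALLENGE = build(11, 7, [(79, bytes([1, 5, 0, 6])), (79, bytes([25, 0x20]))])
NAK = build(1, 8, [(1, b"jdoe"), (79, bytes([2, 5, 0, 6, 3, 13]))])

if __name__ == "__main__":
    print(parse_radius(CHALLENGE), parse_radius(NAK), sep="\n")
```

A Nak in an Access-Request right after a PEAP Access-Challenge means the supplicant is set to a different EAP method than the server's policy offers.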
medicalgmbh
New Member
February 3, 2025

Yes, EAP-PEAP, correct. Okay, I will look into it. If I solve the issue or have any problems I'll come back. Thank you!