Why so many VLANs ? Keep it simple, just put all IoT in one VLAN, including your assistant.
Especially if you are new to Mikrotik environment because as you saw yourself there is no one click magic buttons like other vendors have.
Also one SSID is possible, but not without RADIUS and MAC authentication. So you need to use User manager and everytime you want to connect your device you will need to add his MAC address to the system.
Unnecessary in my POV.
For isolating VLANs you will need to create firewall rules to separate them on L3 layer. (VLANs are separated on L2 layer)
If you want to learn VLANs here is great tutorial and if you get stuck somewhere you can ask for help here.
http://forum.mikrotik.com/t/using-routeros-to-vlan-your-network/126489/1