I've got an issue using Mikrotik HotSpot service with Square terminals and Ipad registers adding there MAC address's in to HotSpot they authenticate and work for a few hours or a few days then there MAC changes. On the Ipads its rectified by turning off private address feature under the WIFI network. Squares cannot disable MAC randomization from what I have researched.
I'm in the process of deploying all Mikrotik hardware for this venue and switching from UniFi to CapsMan. I tested using access list under CapsMan adding a few entries without any MAC address just changing the Private Passphrase option and tested connecting and it seems to work. This would allow me to generate a PSK for each device connecting to the secure ssid but it does not look like there is any way to limit how many devices can use the key? Is there a better way of doing this ? I'm trying to keep it simple and not deploy a RADIUS option and have to deal with certificates.