This is certainly a situation that will vary for every organization, but maybe there are ideas here that can be adapted easily.
The PUBLIC network is just that, something for visitors. There is a security key that is very easy to remember, 12345678, and it’s perfectly OK to give this out to visitors (although probably not to random strangers visiting the building). The public network does NOT have access to the servers, to the organization’s email, etc., just to the Internet.
The Staff network is exclusively for staff use. Please NEVER share the connection information with anyone else. When you connect to the Staff network, you’ll need to put in a slightly more obscure key but then you’re still not done. Now launch a browser and you’ll be prompted for your account and password. The same as your domain login, it’s still your login and password.
If you are away from WiFi for an extended time (several days), you will need to re-authenticate when you reconnect.
Consider again the security implications. If you bring a malware infected machine into the office and connect, you’ve created quite an issue. If you allow a non-staff member access to the staff network, the risk to the organization goes way up.