Yes – map to a property in the role for the AP (and the upm) and then leave the property blank for whatever method you don’t need on the server.
so i still need to create 2 APs, one for domain auth and one for UPM? I just need to create one for domain auth and if i don't want that server to use domain, i just leave it blank for the property?
UPM does not use the automation pricinpal. UPM is the user mapping.
On the rbac role tab you can define that the role maps to a property for both upm and the ap. You can set both and then leave the one you don’t want to use blank on the server. for UPM you’d just fill in the account name in the property on each server.