Implement a class which derives from the SecurityProvider in .net class and customise it to behave differently for given user type.
On user login, check if this user is admin or whatever, then re-load the aspnet identity security context and provider to the relevant type with the desired implementation.
Check this link for some info on how it works, then you customise the internals of the policies.
ASP.NET Identity 2.0: Setting Up Account Validation and Two-Factor Authorization | John Atten[
^]