If you can split the deployment by pools, e.g. allowing managers to use a specific pool, then you can do what you need by using tags (restricted entitlements). Just allow the managers' pools to be accessible via remote access.
Doing this with AD groups is not supported, although if you can use tags, then you can entitle the individual pools to AD user groups so that the entitlement process is all handled through AD.
Mark.