Multiple wildcard admin accounts with multiple LDAP groups

Hello all, 

so i have been racking my brain for three days now, on something that should be fairly easy, simple and most important basic configuration.

I need to have two separate groups in the AD, one for Audit users (with read only access) and the other for super-user / master chief admins with full read/write/delete and format permissions.

i have created the two AD groups and added the right users, but there is no was to create wildcard admin accounts ?!?!?!?!?

And not only that, as far as i see, once the user i create is not a wildcard user, he must enter his password to the fortigate manager ?! really ? Isn't that a local user ?

Can i only pick one? Either have a local super user admin and use wildcard as the audit administrators?Or use a local audit user and have a wildcard as my super-admin users?

BTW - local users are not PCI compliance and should not be used in any device!

Can someone please assist?

I am using FMG-VM64 manager running v5.2.4-build0738