RADIUS can be used for admin users as well as LDAP and TACACS+ .. even for wildcard admin users (1:N) so one admin account on FGT for many matching ones on RADIUS server. I would suggest check KB for "radius admin" or "radius wildcard", very first hits/technotes will give you idea.
Usual caveats are:
- radius server configured on FGT is used for admins and users or even "use in all groups" is turned on, I'd suggest to make dedicated RADIUS server config and firewall user group just for admin authentication
- group match is set but RADIUS server do not return set string in Fortinet-Group-Name AVP, and therefore group match fail
Another possibility is to open a ticket on support site and attach
- network diagram
- config backup
- RADIUS sniffer (I assume default ports are used so something like CLI output from .. diag sniffer packet any 'port 1812' 6 0 a )
Tom xSilver, planet Earth, over and out!