We have System Managers outside of IT who manage user access, permissions and password resets to there departmental systems. Once we've migrated the database onto a SQL cluster with shared SQL Instances the System Manager can no longer manage their users.
These application have integrated SQL accounts linked.
We can elevate the System Managers account to have Security Admin rights but then they can administer all other SQL accounts also. Once they have been given Security Admin permissions thay can also elevate their permissions to SA.
According to your description, you may consider grant db_securityadmin
database role, instead of securityadmin server role, to the user on the target database to manager database user permissions in this specified database.