this depends on what you expect. You cannot tell MWG that the group "AD users" can only use 20 MBit/s maximum. At the moment you can only tell that a request that has been made by a member of the group "AD users" can only have 200KBit/s. This can be done using the Throttle.* events. All events are per connection.
Add a log to the feature request fire. This is the one thing (and the ONLY thing) I miss about our old Bluecoat proxies - they did total bandwidth and group bandwidth management very well. Bluecoat's GUI, inspection level, support and performance made me want to put a fork in my eye, but they did traffic management very well.
Here's how to submit a product enhancement request to McAfee -- I need to check whether I've done the same, but traffic management would indeed be something that would be excellent to have to keep individual users from overrunning hte boxes with multiple connections. Add one here
In MWG 7.3.2, DSCP header marking was added, which is a way for you to control bandwidth using an upstream device (if it supports QoS). This would allow for "group based" throttling.
MWG itself cannot do the QoS itself though. Not sure if thats in the plans yet.