Yes, it is possible to create Pod security admission at cluster level, as described in the documentation.
To add usernames in the exemptions section in the case of RBAC-based AKS, you can use Azure RBAC to define access to the Kubernetes configuration file in AKS. You can assign users built-in roles or create custom roles using Azure RBAC mechanisms and APIs, just as you would with Kubernetes roles. With this feature, you not only give users permissions to the AKS resource across subscriptions, but you also configure the role and permissions inside each of those clusters, controlling Kubernetes API access.
You can add the AD group object ID to the group claims for applications by using Azure Active Directory.
Sources:
https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/aks/concepts-identity.md
https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/aks/manage-azure-rbac.md
If this does answer your question, please accept it as the answer as a token of appreciation.