privacyIDEA has been able to use administrative realms for quite a while. I.e. you can define a connection to an LDAP directory, define a resolver and a realm and get all users in a security group. Then you can set this realm to have administrative rights in privacyIDEA. Thus you already can handle large numbers of administrators.
In upcoming version 2.4 you will also be able to use these administrative realms in policies. Thus you can create a policy for an administrative realm, that only allows those users to reset failcounters (example 😉 and you have defined the rights of your many help desk users easily.
2.4 will come soon, but you already can see the current only documentation.
In combination with the new possibility to manage users within privacyIDEA, this way you would also be able to manage administrators within privacyIDEA.