Add User Identity

Good day all.  We have created an Identity called sm_AddUsers (v11 SP10).  We have a separate team that is taking over the responsibilities of adding users to the system and they do not require any other elevated privileges, so I don't want to add them to the Administrators Identity.  I can't seem to get this Identity setup correctly with permissions to be able to add users.  The current error they receive is

Add access is denied for Alias.


I went through User, Alias, Identity, and Member ItemTypes and made sure the Identity was in Can Add and the permissions where set the same as the Administrators (except User, they cannot delete).  I'm at a loss for why this is happening.  Is there something else that affects who can add a User?  Thank you for your help.