You can set your PI to use an external AAA server for authentication to PI itself (reference). Authorization (i.e what the authenticated user may do on the server) requires settings local to the PI server. PI itself doesnt really "manage" any AAA servers other than the most basic up/down ping test. You might be able to load the server MIBs and get a little more out of it but that's really not what PI is designed to do.
You can setup ISE (if you use it) as a data source in PI to show you what users have authenticated to ISE-managed devices.
Prime LMS (before it was Prime and just plain LMS back to the CiscoWorks days) used to be able to rely on a TACACS server for authorization but the integration was a bit complicated and Cisco moved away from that as LMS moved to v4 and their TACACS server product (ACS) moved to v5.
Of coure the crredentials PI uses to log into devices can be on the AAA server but that's a device - AAA integration, not really a PI integration.