Sophos XG SSL VPN Group IP white list

Because SSL VPN is device access setting based, maybe try with 2 ACL exception rules:

- first allow your list > SSL VPN

- that drop ANY (0.0.0.0/0) > SSL VPN

But never tested if working.

docs.sophos.com/.../LocalServiceACLEdit.html

That's the correct way.
But it may be a little more simple:
remove checkbox for SSL-VPN from device access / Local service ACL->WAN
Create one ACL exception rule allowing SSL-VPN from specific IP.

How would you specify this rule to only 1 Authentication Group  vs all SSL VPN users?  I want to lock down this one group to their office static IPs to only be able to access our SSL VPN .

You can't specify specific IP's for specific SSL-VPN definitions.
I use only one profile for all allowed VPN-users and create user/group specific firewall-rules that control access.