Hello,
We are currently in the pilot integration phase of RDM with our customers. The feedback so far has been very positive.
The only drawback is that selecting the JiT group is quite complicated. At the moment, it is necessary to check which role the server or session belongs to and then manually search for the corresponding group in the JiT selection window. This process is time-consuming and inconvenient.
A potential improvement could be the use of a custom attribute: the AD group to which the server belongs could be stored in a custom field. When opening a session, the user would automatically be assigned to the stored AD group in the background.
Could you please let us know if such a feature is planned or already under development?
Kind regards,
Christian
Hi @Christian Egli
If I understand your request correctly, I believe our Privilege Sets might be the solution you're looking for. Privilege sets allow you to specify which group can be used with which privileged account, cleaning up the large list of groups available during checkout. https://devolutions.net/blog/2025/02/decoding-permission-sets-and-privilege-sets/
Let me know if this helps or if it doesn't exactly fit your needs.
Cheers,
Luc Fauvel
Hi Luc,
Thank you for your reply.
I don't think privilege sets are the solution.
When I start a session “Server01” with a PAM account “user01,” the elevation group “group01” should be selected automatically. When I start a session “Server02” with the same PAM account “user01,” the elevation group “group02” should be selected automatically.
Do you have a solution for this?
Kind regards,
Christian
I don't think this is possible with what is currently available, but would it be suitable if this was configured at the consuming entry level? An example would be that you specify the PAM account linked to an RDP entry, and under the drop-down where you link the PAM credential you could also pre-select a group to elevate with upon checkout. Could this fit with your request?
Cheers,
Luc Fauvel
A drop-down menu would be perfect here. Please note that we have inherited the PAM account.
Kind regards,
Christian Egli
This means that when the RDP session is started during the checkout request, the fixed group is automatically selected as the default and can still be edited manually.