Assuming a windows domain service environment with domain accounts, the main interface (Access tab) of PAM seems to mislead the user that the dual authorization approval workflow is required for each server on the list, since the user needs to click on RDP for a specific server.
However, when having the request approved for one specific server, if the account grants access to other servers, the user won't need to go through the dual authorization workflow anymore.
Is there any configuration of policies, target accounts, devices and devices groups that can accomplish this?
Sample:
Windows domain account: XAccount has access to 2 servers: ServerA and ServerB.
When I click on RDP for ServerA, after the approval is done, I also have access to ServerB. I would like to have separate approval workflows without needing two separate accounts: XAccountA and XAccountB.