Well there is no such way where a user is authorized before elevating a privilege automatically, although this can be done using policies, let me explain, assuming you have configured RDP application before for transparent login, then you may have an idea about a check box called RDP session in the RDP application window. If you enable this check box, TL works even in normal RDP session, so, if you configure the windows pop up as TL application and create the access policy to provide credentials for that window, whenever a user will be prompted for elevated credentials PAM TL will provide those real time.
Again, continuing my first statement, these credentials will be provided to everyone who logs in to that server using that RDP application, so this has to be managed using different RDP applications in the Access Policies for the same device but different users, hope this helps.
Shubham.