Secondary Authoriser is in same team/AD group as user.
It would be good to have an option for the secondary authoriser to be in the same AD group but NOT that logged on user.
The use case is simply getting a second set of eyes to agree with your action. This could be a colleague in the same team not necessarily a team leader/manager.
Example: 3rd line support person on a server, wants to install a printer driver, gets a colleague (also in 3rd line) to authenticate with their credentials