I am in a position where I need the ability to allow end users access to a device. I originally set the solution up so it only allows the requestor, however, due to multiple users need access to the same device, I had to change it to multiple user access. This feels like a bit of a bypass of the request approval as now anyone within a team can access the end server (with or without a reason).
The reason I had to change it was because when user A had an authorised session, user B was not able to request it due to the over lapping time frame. User A and User B were doing different tasks doing a screen share was not ideal.
Not sure if it makes a difference, however I am using SSH and RDP tunnels to facilitate the connection.