We often need to allow a single non-admin user in our organization to access their own desktop machine remotely. Usually it's some kind of work from home scenario. In the past we would create an additional password for the user on that specific device, and then give them the ID and password to connect from their personal home computer. This becomes cumbersome to manage because we have to then remember to remove that additional password when the user leaves the company. Using whitelists is also very cumbersome to manage. Putting the device into a group and sharing it is NOT an option becuase that device needs to also be contained in our "Desktops" group for our support team, and you can't add the same device to 2 groups.
In summary, we need a way to share access to a SPECIFIC device with a user, and not have to share an entire group.