Concept / Approach to allow administrative Access to Computers in Enterprise on request

Hi there

We have a requirement to implement a solution with One Identity Manager 8.1.2, that allows to request local admin access to all or a single Windows Workstation Computer in the Enterprise.

The request shall be limited for a certain time and some Kind of approval will be required, this is not specified yet.

Any suggestion from the community what the best Approach would be?
An requestable AD Group for each Computer in the IT Shop?

Happy to hear any thoughts.

Best regards.