To grant your users only the access that they need when they need it, combine the management power of permission set groups with session-based access control. Create a session-based permission set group to grant access to permission sets during an activated user session. Previously, you created individual session-based permission sets, but now you can set sessions at the permission set group level as well.
Where: This change applies to Lightning Experience and Salesforce Classic in Professional, Enterprise, Performance, Unlimited, and Developer editions.
Why: For example, you have a customized Salesforce app that accesses confidential information. For security reasons, you want to limit user access to a predetermined length of time. Some users, such as a team manager, require expanded access for the same length of time. You can create a permission set group that includes the different permission sets required for the confidential access. You can create a flow or use the API to create custom logic to activate the session-based permission set group. In this example, the session-based permission set group activates only when the manager-level users authenticate into your environment using a token. When the token expires, the users must reauthenticate to access the application again.
How: To create a session-based permission set group, select Session Activation Required on the Permission Set Group create page. Then, activate the session for the permission set group using a flow or the SessionPermSetActivation SOAP API object.
Grant Access Based on Activated User Sessions for Permission Set Groups (salesforce.com)