diff --git a/.azure/infrastructure/main.bicep b/.azure/infrastructure/main.bicep
index 2beba81ed..b18db0e17 100644
--- a/.azure/infrastructure/main.bicep
+++ b/.azure/infrastructure/main.bicep
@@ -22,6 +22,9 @@ param sourceKeyVaultName string
 @minLength(3)
 param sourceKeyVaultSshJumperSshPublicKey string
+@description('The object ID of the group to assign the Admin Login role for SSH Jumper')
+param sshJumperAdminLoginGroupObjectId string
+
 import { Sku as RedisSku } from '../modules/redis/main.bicep'
 param redisSku RedisSku
 @minLength(1)
@@ -218,6 +221,7 @@ module sshJumper '../modules/ssh-jumper/main.bicep' = {
 subnetId: vnet.outputs.defaultSubnetId
 tags: tags
 sshPublicKey: secrets.sourceKeyVaultSshJumperSshPublicKey
+ adminLoginGroupObjectId: sshJumperAdminLoginGroupObjectId
 }
 }
diff --git a/.azure/infrastructure/prod.bicepparam b/.azure/infrastructure/prod.bicepparam
index fa4c7f159..24635c640 100644
--- a/.azure/infrastructure/prod.bicepparam
+++ b/.azure/infrastructure/prod.bicepparam
@@ -35,3 +35,6 @@ param applicationGatewayConfiguration = {
 secretKey: 'star-altinn-no'
 }
 }
+
+// Altinn Product Dialogporten: Developers Prod
+param sshJumperAdminLoginGroupObjectId = 'a94de4bf-0a83-4d30-baba-0c6a7365571c'
diff --git a/.azure/infrastructure/staging.bicepparam b/.azure/infrastructure/staging.bicepparam
index bf6b997e9..6aeebf509 100644
--- a/.azure/infrastructure/staging.bicepparam
+++ b/.azure/infrastructure/staging.bicepparam
@@ -35,3 +35,6 @@ param applicationGatewayConfiguration = {
 secretKey: 'star-tt-altinn-no'
 }
 }
+
+// Altinn Product Dialogporten: Developers Prod
+param sshJumperAdminLoginGroupObjectId = 'a94de4bf-0a83-4d30-baba-0c6a7365571c'
diff --git a/.azure/infrastructure/test.bicepparam b/.azure/infrastructure/test.bicepparam
index 5b57ebe4f..08eef97fb 100644
--- a/.azure/infrastructure/test.bicepparam
+++ b/.azure/infrastructure/test.bicepparam
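Review bot: `param sshJumperAdminLoginGroupObjectId string` in the first main.bicep hunk accepts any string, so an empty or mistyped value is forwarded through the sshJumper module and only surfaces when the role assignment in the virtualMachine module is deployed, with an error far from the file that caused it. The neighbouring params already carry `@minLength(3)` and `@minLength(1)`, so a GUID-shaped guard in the same style, `@minLength(36)` and `@maxLength(36)` directly above the param line, fails validation at the point of entry instead. The same unguarded declaration is repeated for `adminLoginGroupObjectId` in `.azure/modules/ssh-jumper/main.bicep` and `.azure/modules/virtualMachine/main.bicep`; guarding it at least at the top-level entry keeps every environment file honest without touching the module interfaces.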
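Review bot: `staging.bicepparam` sets the same object ID as `prod.bicepparam` and carries the identical comment `// Altinn Product Dialogporten: Developers Prod`, while `test.bicepparam` and `yt01.bicepparam` use the Developers Dev group; membership in the prod developer group therefore also grants administrator login on the staging jump host. If staging is meant to mirror prod access that is reasonable, but it reads like a copy of the prod file, so it is worth confirming the choice is deliberate. A comment stating the intent on that line, e.g. `// Altinn Product Dialogporten: Developers Prod (staging intentionally shares the prod group)`, would stop the next reader from asking the same question.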
@@ -35,3 +35,6 @@ param applicationGatewayConfiguration = {
 secretKey: 'star-at-altinn-cloud'
 }
 }
+
+// Altinn Product Dialogporten: Developers Dev
+param sshJumperAdminLoginGroupObjectId = 'c12e51e3-5cbd-4229-8a31-5394c423fb5f'
diff --git a/.azure/infrastructure/yt01.bicepparam b/.azure/infrastructure/yt01.bicepparam
index 9f540db66..cf657af9b 100644
--- a/.azure/infrastructure/yt01.bicepparam
+++ b/.azure/infrastructure/yt01.bicepparam
@@ -35,3 +35,6 @@ param applicationGatewayConfiguration = {
 secretKey: 'star-yt01-altinn-no'
 }
 }
+
+// Altinn Product Dialogporten: Developers Dev
+param sshJumperAdminLoginGroupObjectId = 'c12e51e3-5cbd-4229-8a31-5394c423fb5f'
diff --git a/.azure/modules/ssh-jumper/main.bicep b/.azure/modules/ssh-jumper/main.bicep
index c04954a5d..99e8d6298 100644
--- a/.azure/modules/ssh-jumper/main.bicep
+++ b/.azure/modules/ssh-jumper/main.bicep
@@ -14,6 +14,9 @@ param tags object
 @secure()
 param sshPublicKey string
+@description('The object ID of the group to assign the Admin Login role for SSH Jumper')
+param adminLoginGroupObjectId string
+
 var name = '${namePrefix}-ssh-jumper'
 resource publicIp 'Microsoft.Network/publicIPAddresses@2023-11-01' = {
@@ -79,6 +82,7 @@ module virtualMachine '../../modules/virtualMachine/main.bicep' = {
 sshPublicKey: sshPublicKey
 location: location
 tags: tags
+ adminLoginGroupObjectId: adminLoginGroupObjectId
 hardwareProfile: {
 vmSize: 'Standard_B1s'
 }
diff --git a/.azure/modules/virtualMachine/main.bicep b/.azure/modules/virtualMachine/main.bicep
index 70b15b254..9b7a65e29 100644
--- a/.azure/modules/virtualMachine/main.bicep
+++ b/.azure/modules/virtualMachine/main.bicep
@@ -68,6 +68,9 @@ type StorageProfile = {
 @description('Specifies the storage profile for the virtual machine')
 param storageProfile StorageProfile
+@description('Specifies the AD group object ID for the virtual machine administrator login')
+param adminLoginGroupObjectId string
+
 @description('Specifies the SSH public key for the virtual machine')
 @secure()
 param sshPublicKey string
@@ -129,3 +132,19 @@ resource aadLoginExtension 'Microsoft.Compute/virtualMachines/extensions@2024-03
 autoUpgradeMinorVersion: true
 }
 }
+
+@description('This is the built-in Virtual Machine Administrator Login role. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#compute')
+resource vmAdminLoginRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = {
+ scope: subscription()
+ name: '1c0163c0-47e6-4577-8991-ea5c82e286e4'
+}
+
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
+ name: guid(virtualMachine.id, adminLoginGroupObjectId, vmAdminLoginRoleDefinition.id)
+ scope: virtualMachine
+ properties: {
+ roleDefinitionId: vmAdminLoginRoleDefinition.id
+ principalId: adminLoginGroupObjectId
+ principalType: 'Group'
+ }
+}
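Review bot: `roleAssignment` in the second virtualMachine hunk binds the whole group to Virtual Machine Administrator Login, which gives every member sudo on the host rather than just an SSH session; if developers only need to traverse the jump host, the built-in Virtual Machine User Login role is the least-privilege fit, and the choice of administrator should at least be justified in the `@description` rather than implied by the parameter name. Creating `Microsoft.Authorization/roleAssignments` also requires the deploying identity to hold `Microsoft.Authorization/roleAssignments/write` on the VM (Owner or User Access Administrator), which a Contributor-only pipeline does not have, so confirm the deployment principal before this lands or every environment deployment fails at this resource. The `guid(virtualMachine.id, adminLoginGroupObjectId, vmAdminLoginRoleDefinition.id)` name makes redeployments idempotent and `principalType: 'Group'` avoids the principal-lookup race for new groups, both good. The resource itself has no `@description` while the role definition above it does; `@description('Grants the configured group administrator login on this VM through the aadLoginExtension deployed above')` would close that gap.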