diff --git a/pillar.example b/pillar.example
index 256303a..c45d5ac 100644
--- a/pillar.example
+++ b/pillar.example
@@ -38,6 +38,8 @@ users:
 - ALL=(otheruser) /usr/bin/script.sh
 sudo_defaults:
 - '!requiretty'
+ # enable polkitadmin to make user an AdminIdentity for polkit
+ polkitadmin: True
 shell: /bin/bash
 remove_groups: False
 prime_group:
diff --git a/users/init.sls b/users/init.sls
index a4f6cba..8bcfbab 100644
--- a/users/init.sls
+++ b/users/init.sls
@@ -32,6 +32,7 @@ include:
 - users.user_files
 {%- endif %}
 {%- endif %}
+ - users.polkit
 {% for name, user in pillar.get('users', {}).items() if user.absent is not defined or not user.absent %}
diff --git a/users/map.jinja b/users/map.jinja
index f81acc4..1237066 100644
--- a/users/map.jinja
+++ b/users/map.jinja
@@ -10,6 +10,8 @@
 'bash_package': 'bash',
 'sudo_package': 'sudo',
 'googleauth_package': 'libpam-google-authenticator',
+ 'polkit_dir': '/etc/polkit-1/localauthority.conf.d',
+ 'polkit_defaults': 'unix-group:sudo;'
 },
 'Gentoo': {
 'sudoers_dir': '/etc/sudoers.d',
@@ -43,5 +45,7 @@
 'bash_package': 'bash',
 'sudo_package': 'sudo',
 'googleauth_package': 'libpam-google-authenticator',
+ 'polkit_dir': '/etc/polkit-1/localauthority.conf.d',
+ 'polkit_defaults': 'unix-group:sudo;'
 },
 }, merge=salt['pillar.get']('users:lookup')) %}
diff --git a/users/polkit.sls b/users/polkit.sls
new file mode 100644
index 0000000..df959bc
--- /dev/null
+++ b/users/polkit.sls
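Review bot: `polkit_dir` and `polkit_defaults` are added to only the two lookup entries touched by the map.jinja hunks; the `'Gentoo'` entry visible at the end of the first hunk (and any other family in the map) is left without them, while `users/init.sls` now includes `users.polkit` unconditionally and `users/polkit.sls` reads `users.polkit_dir` on every render. With Salt's default non-strict undefined handling those minions would presumably render a state whose `name` collapses to `/99salt-users-formula.conf`, so either add the two keys to every lookup entry or guard the state with `{% if users.polkit_dir is defined %}`. The `'unix-group:sudo;'` default means every member of `sudo` becomes a polkit admin as soon as any user sets `polkitadmin`; that looks intended to preserve Debian's own sudo-group default, but it is a privilege decision and deserves a comment next to the key, e.g. `{#- prepended to AdminIdentities so the distro sudo-group default survives the override #}`.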
@@ -0,0 +1,32 @@
+{% from "users/map.jinja" import users with context %}
+{% set polkitusers = {} %}
+{% set polkitusers = {'value': ''} %}
+
+{% for name, user in pillar.get('users', {}).items() %}
+ {% if user.absent is not defined or not user.absent %}
+ {% if 'polkitadmin' in user and user['polkitadmin'] %}
+ {% if polkitusers.update({'value': polkitusers.value + 'unix-user:' + name + ';'}) %}
+ {% endif %}
+ {% endif %}
+ {% endif %}
+{% endfor %}
+
+{% if polkitusers.value != '' %}
+users_{{ users.polkit_dir }}/99salt-users-formula.conf:
+ file.managed:
+ - replace: True
+ - onlyif: 'test -d {{ users.polkit_dir }}'
+ - name: {{ users.polkit_dir }}/99salt-users-formula.conf
+ - contents: |
+ ########################################################################
+ # File managed by Salt (users-formula).
+ # Your changes will be overwritten.
+ ########################################################################
+ #
+ [Configuration]
+ AdminIdentities={{ users.polkit_defaults }}{{ polkitusers.value }}
+{% else %}
+users_{{ users.polkit_dir }}/99salt-users-formula.conf_delete:
+ file.absent:
+ - name: {{ users.polkit_dir }}/99salt-users-formula.conf
+{% endif %}
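Review bot: The `AdminIdentities` line is assembled from raw pillar user names with no validation, so a key that is not a plain account name (one containing `;`, whitespace or a line break) silently yields a malformed or extra entry in a file that grants polkit admin rights instead of failing the render; restrict the loop to account-name syntax, e.g. `{% if 'polkitadmin' in user and user['polkitadmin'] and name | regex_match('^[A-Za-z0-9._-]+$') %}`, and have the `file.managed` state pin the file's ownership and permissions explicitly (`- user: root`, `- group: root`, `- mode: 644`) rather than inherit the minion's umask. The two consecutive `{% set polkitusers ... %}` lines make the first one dead code; drop `{% set polkitusers = {} %}`. Because `onlyif: 'test -d ...'` skips the state quietly, a host whose polkit build has no `localauthority.conf.d` directory never receives the requested admin grant and nothing reports it; if that is the intended behaviour a comment above the state saying so would spare the next reader a debugging session.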